A note to Australian readers – Target Australia is owned by Wesfarmers (Coles, Kmart, OfficeWorks and Bunnings) and uses a different web site and technology – this article is about the vulnerability of online sites and point of sale sytems and shows even a reputable company such as Target USA can struggle to in its duty of care to shoppers.
As is custom in the US a growing list of class actions – 40 at last count - seeks to punish the company for failing to protect shopper’s data.
Target has not revealed the full extent of the data stolen. Other reports state that customer names, credit or debit card numbers, expiration dates and CVVs were involved in the information theft – all used for false credit card transactions. Target says that this was encrypted and is safe.
An FTC (Federal Trade Commission) report uses the words “What the hackers obtained is as good as gold.” The lawsuits - all positively phrased to accentuate the potential for loss of course - suggest that the affected customers will have to worry about data security for years.
It is not clear how the hack occurred but it has been suggested that malware was responsible. Malware can be manually loaded by someone with access to the corporate network, or more worryingly, from an internet connected device somewhere on Target’s network. If it is the latter, it could set back the cause of Bring Your Own Device considerably.
Target has engaged a third party to track down the cause – but it should release its findings quickly - customers deserve to know what happened and how future attacks will be prevented.
Target is also establishing a credit card monitoring program but details are not available yet.
Apparently, master phishers have been quick to spam Target customers purporting to be from Target asking for social security number, credit card number, and/or other personal information.
The internet is a dangerous place – I am sure Target USA did everything it could to secure its systems.
Add that to recent hacks at Snapchat, Skype, Twitter, Facebook and the paranoia gauge goes off the chart.
The kicker is that if such a big fish can be hacked then what about the minnows that we use every day for on-line shopping.
Online security will be a hot topic in 2014.