Target Corporation’s data breach touched millions. What does that mean to those affected, and what recourse do we have.
To say Target Corporation has been in the news is a world-class understatement, and especially disconcerting for those of us who live in Minnesota. Odds are pretty good that everyone living here has a family member, relative, or knows someone who works for Target. When Target has issues, the people of Minnesota have issues.
As an IT professional who writes about information security, and lives in the heart of Target-land; I have a particularly “up close and personal” connection. Many times, when I contracted as a network engineer, I remember getting lost in Target’s cavernous multi-floor data centers. I also remember having to go through a serious shakedown to get into each of the data centers. There was one data center in particular, where a certain security guard took great pleasure pointing out that the guy pictured in my driver’s license had hair.
What happened to Target looks bad. I first learned about the data breach from my friend Brian Krebs, he broke the story on his security blog site Krebs on Security the 18th of December. His follow-up on December 20th provides a lot more detail. The bottom line is 40 million people who used their credit or debit card to make purchases at a Target store between November 27th and December 15th had their card information stolen.
There’s a great deal of speculation as to how the data breach occurred, but that’s all it is at this point—speculation. And to be honest, that’s not my concern. What does concern me are the people potentially affected by the data breach. What are they thinking? It didn’t take long for me to find out.
Friends and people who know I write about information security started to call, asking what I was going to do.
When I told all who contacted me, I wasn’t that concerned. But, I was checking my accounts every morning online. They couldn’t believe that was it. They kept asking what about identity theft. They know our names; can’t they change passwords, and so on. Being immersed in information security, I had a good idea as to what happened, and how to protect my assets. But, it was a bad assumption on my part to assume others did as well. I’d like to fix that.
First, let’s take a look at what the thieves got their hands on. It appears the only information stolen was data stored on the magnetic strip—not the account PIN, and not the three-digit security code on the back of the card. Here’s what the crooks did get from the magnetic strip:
- Card-holder’s name (There appears to be some confusion as to whether the card-holder’s name is on the magnetic strip or not. I called a few banks and received differing opinions.)
- Credit or debit account number
- Expiration date
- Card-present CVV (Another security code located on the magnetic strip.)
People are concerned as to what types of cards the thieves stole information from. The following are involved:
- All forms of credit card
- All forms of debit card
- Target’s Redcard
If people are unable to monitor their accounts online, a banker mentioned they should call the customer service number on the back of the card, and share their concerns. This can become important as most issuing banks have a time limit on reporting discrepancies, and the next statement date may be outside that time window.
Another option is “account change alerts.” Banks offer a service that sends automated calls, texts, or email alerts if more than a designated amount is charged or withdrawn from an account. If the person notified didn’t conclude any transactions; they know to call customer service as soon as possible.
Debit cards being directly associated to a person’s accounts are more of a concern when digital crooks steal the information from them. What happens when the crooks try to use the debit card information is very dependent on the bank. So, call the issuing bank’s customer service to be safe and learn what they recommend.
Yes, it could. I hate saying that, but there is a slight, very slight chance in a “perfect storm” sort of way that it could. To steal a person’s identity requires more information than what is provided on the credit or debit card. Why experts must say yes is to cover the possibility bad guys may have the required additional information, and are able to make the association (perfect storm). Not likely, but possible.
If you prefer not to worry about this at all, or you are planning on a trip in near future; it might be best to have the issuing bank cancel the existing account and open a new one. Worries gone. I included travelers because banks are watching customer accounts like never before. If anything looks out of place, they will lock the account in no time flat. And, I assure you traveling is not the time to have that happen.
- One of New York’s largest nonprofits suffers data breach
- Peeled onions and a Minus Touch: Verizon data breach digest lifts the lid on theft tactics
- Facebook could face $1.63bn fine under GDPR over latest data breach
- Data breaches help crooks targeting you. Prepare to fight back
- ANU incident report on massive data breach is a must-read
- Premera Blue Cross accused of destroying evidence in data breach lawsuit
- Australian defence contractor Austral hit by data breach
- Australian defence contractor Austal hit by data breach
- Chinese hackers accessed sensitive information of intelligence, military personnel in second U.S. data breach
- The latest dark web cyber-criminal trend: selling children's personal data
- Data management firm Veeam mismanages own data, leaks 445m records
- VPN services 2018: The ultimate guide to protecting your data on the internet
- VPN services: The ultimate guide to protecting your data on the internet
- Singapore health ministry refutes suggestions of HIV data leak coverup
- Facebook initially considered breach not eligible for notification in Australia
- Your next worry after the Equifax breach: Fake tax returns
- How your personal data is used to create a perfect midterm election ad
- Sky Brasil exposes data of 32 million subscribers
- Emergency Warning Network confirms breach
- Docker Hub hack exposed data of 190,000 users
Target data breach: What you should tell non-IT folks right now have 1058 words, post on www.techrepublic.com at December 23, 2013. This is cached page on Talk Vietnam. If you want remove this page, please contact us.