“This is a monster data breach, and if you look at the level of sophistication, you can only conclude this is the eastern European cyber mafia at its best,” said Stu Sjouwerman, CEO of KnowBe4.
Tampa Bay, FL (PRWEB) December 19, 2013
During the Black Friday shopping week, tens of millions of credit and debit card records were "phished" out of Target. The data breach was nationwide and extended as late as December 15th, according to Target Chief Executive Officer Gregg Steinhafel in a statement today to USA Today. The stolen data is called "track data," which allows the hackers to create counterfeit cards, and if they have PIN information for debit cards, they could even withdraw cash from ATMs.
The whole thing is under investigation by the Secret Service. “This is a monster data breach, and if you look at the level of sophistication, you can only conclude this is the eastern European cyber mafia at its best,” said Stu Sjouwerman, CEO of KnowBe4.
According to Sjouwerman, “The hackers were able to get into the physical card swipe equipment at the stores themselves, and intercepted the swiped card data at the hardware level before it was encrypted. This is unheard-of sophistication, shows a long-term preparation phase, Target's network compromised for an extended period, and a planned attack that was executed with almost military precision. That's an Advanced Persistent Threat (APT) if I've ever seen one.”
Targeted attacks like this can be accomplished with a spear-phishing attack and social engineering. A hacker would find an identity online of someone in Target's development team, send them a personalized phishing email (spear-phish) and penetrate their development servers, then methodically worm their way down to the level of the card scanners so that they could insert malware into those devices. This can be prevented with security awareness training for employees at every level, giving them effective tools to prevent compromise.
Sjouwerman recommends taking the following steps to secure your personal information if you or a family member have made any purchases at Target in the last few weeks:
1. Make a hard copy of all statements for credit cards you may have used at Target. Monitor your statements going forward, online if you can, and call the card company if you see any unauthorized charge.
2. If you did shop at Target these last few weeks, call your credit card company right now, check all charges of the last few weeks with their customer support rep and ask for a new card.
3. If you want more info, the Privacy Rights Clearinghouse is a trustworthy source of steps you can take now. https://www.privacyrights.org/how-to-deal-with-security-breach
4. The FTC is the best place for information on what to do and who to contact if you think your credit or debit card has been compromised. http://www.consumer.ftc.gov/articles/0271-signs-identity-theft
About Stu Sjouwerman and KnowBe4:
Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based security awareness training to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. He and his colleagues work with companies in many different industries, including highly regulated fields such as healthcare, finance and insurance. Sjouwerman is the author of four books; his latest is Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.