The last few days have brought bad news about retailers' ability to comply with card data security protocols and protect customer card data from hackers.
Target was forced to admit, in an update on its ongoing forensic investigation into the breach, that up to 70 million individual customer details have been stolen in the attack, far more than the initial 40 million estimate.
Last month, Target confirmed that approximately 40 million credit and debit card accounts may have been impacted over a two-week period beginning on Black Friday, the busiest shopping day of the year.
Furthermore, the retailer has ascertained that other customer information – separate from the payment card data previously disclosed – was taken, including names, mailing addresses, phone numbers or email addresses.
This week, Neiman Marcus Group has become the second major US retailer to confess that hackers have compromised its systems, making off with customer card details.
In a statement, the retailer says that it was told by its merchant processor in mid-December that unauthorised card activity had been spotted after purchases at its stores.
A subsequent investigation by an outside forensics firm found evidence of a cyber-breach and that “some customers’ cards were possibly compromised as a result”.
According to Reuters, Target and Neiman Marcus are not the only merchants to have been hit by crooks over the holiday period. Citing sources, the wire service says that at least three other well-known retailers have suffered smaller breaches but have not yet gone public with the news.
Law enforcement agencies suspect that the spate of attacks is being masterminded from Eastern Europe.
“Yet again, the attackers have gained access to sensitive data,” says Mark Bower, VP at Voltage Security. “The industry has to understand that incomplete approaches to protecting data, that leave it exposed at some vulnerable point in its life, will result in a breach. It’s merely a matter of time.”
“Traditional defences leave too many exploitable gaps that present an opportunity for compromise. Data breaches are unstoppable, but it’s entirely possible to neutralize their impact using new defences that leading retailers and payment processors have already adopted successfully with the double benefit of risk and compliance cost reduction.”
Target is offering one year of free credit monitoring and identity theft protection to all customers who bought goods at any of the retailer’s stores during the period in question, and a zero-liability agreement against any losses incurred as a result of the breach.