As the Target data breach seems to grow more damaging by the day, there’s a lot of talk about what the repercussions will be – for Target as well as its customers.
History suggests that there will likely be no material effect on the company or its stock value. Target will probably issue the obligatory mea culpa and go back to spending the absolute minimum on IT security, while publicly stating their commitment to protecting their customers.
Target will most likely face a rash of lawsuits brought on by the Attorneys General in just about every US state where the store operates. The credit card issuers will also slam Target with fines that will, in all likelihood, have no long-term consequences for the retailer.
You can also expect the usual gaggle of attorneys filing class action lawsuits to shake down Target on behalf of downtrodden clients. And in the end the attorneys always seem to benefit mightily by huge sums that retailers pay to make them “go away” – while consumers will get crumbs, if that.
There will also be the usual hand wringing about why the USA still does not have EMV credit cards (with chip and PIN/signatures) similar to those already used in other parts of the world.
And one more important point to consider – just because this massive data breach has already occurred, doesn’t mean that Target customers are in the clear. The potential for follow up attacks is very real.
The process generally works like this:
1. Target customer is issued a new card (debit or credit)
2. Criminals who compromised Target contact this customer, apologize for the problem and ask them to enter their new credit card/debit card information including PIN
3. Since the criminals already have detailed personal information they’ve stolen from the Target database, they can appear legitimate in their follow up
4. The fact that the criminals can share parts of the old compromised credit card in their phishing attack means a high success rate on the follow-on attack
5. The scam can be repeated multiple times on the same set of Target victims because both personal contact information and credit/debit card data has been compromised
Always be vigilant against phishing attacks – especially if you suspect that your information has been compromised by the Target breach, or any other.
Philip Lieberman | Founder & President | Liebsoft
Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the priviliedged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Mr. Lieberman has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. He has a B.A. from San Francisco State University.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.