Page 2 of 2 Previous

Continued: Target details data theft in front of Senate panel

  • Article by: JIM SPENCER , Star Tribune
  • Last update: February 4, 2014 - 10:39 PM

The technology involves computer chips and personal identification numbers now in use in Europe; the plan also includes updating card readers in 1,800 Target stores and it should be ready by early 2015, the company said in a release Tuesday.

Mulligan further reported that to date, Target has seen no fraud activity on its proprietary credit and discount cards due to the breach and “a very low amount of additional fraud on our Target Visa card.”

Mulligan will be back on Capitol Hill on Wednesday to appear before a subcommittee of the House Energy and Commerce Committee.

Neiman Marcus woes

Target was not the only company questioned at the Senate hearing. The chief information officer of upscale clothier Neiman Marcus explained a cyberattack on his company’s computers similar to the one Target suffered. He said the malware infecting Neiman Marcus computers had a “zero detectabilty rate” using standard computer protection programs. That breach affected 1.1 million customers.

“The pace of attacks is increasing,” said Fran Rosch, an executive with Symantec, a maker of computer security software. There is a need for information to be “continuously encrypted.”

Everyone is vulnerable

That might have helped Target avoid its current crisis.

“We now know that the intruder stole a vendor’s credentials to access our system and place malware at point-of-sale registers,” Mulligan said in his testimony. “The malware was designed to capture payment card data from the magnetic strip of credit and debit cards prior to encryption within our system.”

But the company later found that the malware also had captured “strongly encrypted” information that employed personal identification numbers.

Sen. Sheldon Whitehouse, D-R.I., said that when a company as large as Target “can be hacked without knowing it, it is not to say that Target did something wrong,” but that everyone is vulnerable.

Klobuchar agreed, saying, “This can happen to anyone.”


  • related content

  • Video: Target CFO addresses customer data breach

    Tuesday February 4, 2014

    Representatives from several major corporations met in Washington Tuesday to discuss how to secure credit card information after a...

  • Feb. 3: Digital underground behind attack on Target

    Monday February 3, 2014

    A security intelligence firm that tracks carder activity says it is following a ring of nine people dealing in access to hacked point-of-sale terminals.


    Find the latest news and information about Target Corp.

  • Taking the oath at the start of Tuesday’s Senate Judiciary Committee hearing are, from left, Target chief financial officer John Mulligan, Michael Kingston of Neiman Marcus, Delara Derakhshani from the Consumers Union and Symantec’s Fran Rosch.

  • FILE - In this Jan. 18, 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla.

  • John J. Mulligan, executive Vice President and Chief Financial Office of the Target Corporation, listens on Capitol Hill in Washington, Tuesday, Feb. 4, 2014, while testifying before the Senate Judiciary Committee hearing on data breaches and combating cybercrime .


    Since disclosing a large data breach late last year, Target says it has taken several steps to protect customers:

    • Free credit monitoring for a year

    • New, reissued Target credit or debit cards for anyone who asks

    • Zero liability for fraudulent charges arising from the breach

    • New card protection technology by early 2015

    From discovery

    to disclosure

    Nearly a week passed between the time Target learned of a large security breach and the time it revealed it to the public.

    Evening of Dec. 12: Target is notified by the U.S. Justice Department of suspicious activity involving payment cards used at its stores. Target begins internal investigation.

    Dec. 13: Target meets with the Justice Department and the Secret Service.

    Dec. 14: Target hires an independent team of experts to lead a forensic investigation.

    Dec. 15: Target confirms the attack and removes all known malware from registers in U.S. stores.

    Dec. 16-17: The company begins notifying payment processors and card networks.

    Dec. 18: Target discovers malware on about 25 additional registers and removes the malware immediately.

    Dec. 19: Target announces the breach publicly.

    Source: Target Corp.

  • get related content delivered to your inbox

  • manage my email subscriptions


Connect with twitterConnect with facebookConnect with Google+Connect with PinterestConnect with PinterestConnect with RssfeedConnect with email newsletters