Get PJ Media on your Apple

Target Execs Take the Hot Seat as Lawmakers Press for Better Measures to Combat Fraud

Still unknown is how the malware that was used to carry out the theft got into Target’s computer system.

by
Rodrigo Sermeño

Bio

February 5, 2014 - 11:42 am
Page 1 of 2  Next ->   View as Single Page

WASHINGTON – A top executive of Target told a Senate committee Tuesday that the company has stepped up its efforts to improve its credit card system following a massive data breach last year.

Target Chief Financial Officer John Mulligan told the Senate Judiciary Committee the data breach affected customers who shopped at the company’s U.S. stores from Nov. 27 through Dec. 18.

Target announced on Dec. 19 that it had been a victim of one of the biggest credit card breaches on record.

Mulligan confirmed that the theft included customers’ names, credit and debit card information, debit-card personal identification numbers and the embedded codes on the card magnetic strips. An estimated 40 million credit and debit card accounts were affected by the breach.

Also stolen was personal data – names, phone numbers, mailing and email addresses – for up to 70 million customers who shopped at the store during the same period.

Mulligan said the retailer started an internal investigation of the breach on Dec. 13 after being notified by the Justice Department about suspicious activity involving payment cards used at Target stores. Two days after beginning its investigation, Target confirmed that criminals had infiltrated its system through the use of malicious software. That same day, it removed the malware from all registers in its U.S. stores.

Still unknown is how the malware that was used to carry out the theft got into Target’s computer system, and how the hackers stole credentials from a Target vendor to enter the system. The identity of the vendor is also still unknown.

“We are working closely with the U.S. Secret Service and the U.S. Department of Justice on the investigation – to help bring to justice the criminals who perpetrated this wide-scale attack on Target,” Mulligan said.

Neiman Marcus also suffered breaches in a similar attack last year. The company disclosed in January that about 1.1 million customer payment cards may have been exposed during a data breach that occurred from July 16 to Oct. 30 last year.

“The maximum number of account numbers in our stores at that time when they were exposed to the malware was 1.1 million accounts,” Neiman Marcus Chief Information Officer Michael Kingston told the panel. “But we do believe, because the malware was only operating at certain times, that the number is less than that.”

Current credit cards in the U.S. use fraud-prone magnetic stripe technology from the 1960s to store information.

The companies and government officials suggested an expedited move to a new type of payment card technology known as “chip and PIN.”

This technology adds a smart microchip to the payment card and requires customers to use a PIN – instead of a signature – to complete a transaction.

The chip-and-PIN system is widely used in Canada and Europe. But U.S. retailers and credit card companies have been reluctant to spend the billions of dollars required to create an entirely new payment system.

Mulligan said Target plans to implement chip-and-PIN technology in its own credit cards by early 2015.

“You can come up with devices that will secure credit card data but it doesn’t alleviate the fact that we’re still talking about criminals that are doing it,” said William Noonan, a top agent with the Secret Service’s cyber operations branch. “These criminals are motivated by money. They’re going to use whatever they have at their disposal to still go after the pot of gold, which is held in the payment card systems piece.”

Comments are closed.

All Comments   (10)
All Comments   (10)
Sort: Newest Oldest Top Rated
my friend's ex-wife makes $85 /hr on the computer . She has been without a job for eight months but last month her pay was $16032 just working on the computer for a few hours. have a peek here.......http://www.work71.com
28 weeks ago
28 weeks ago Link To Comment
My neighbor's step-aunt makes $77 /hour on the computer . She has been out of a job for six months but last month her pay check was $17185 just working on the computer for a few hours. try this >>>>>>> x.co/3qUxw
29 weeks ago
29 weeks ago Link To Comment
We rolled out Chip and PIN in Ireland then the rest of Europe over 10 years ago so the technology is there.
29 weeks ago
29 weeks ago Link To Comment
Why not sink the NSA on Russia and other malware producing countries instead of having them spy on us?
29 weeks ago
29 weeks ago Link To Comment
The U.S. Senate has absolutely no business going after Target executives for the hacking of credit cards when you look at all the fraud that those Senators have perpetrated on the American people.
29 weeks ago
29 weeks ago Link To Comment
And just what is the Federal government going to do when Obamacare is hacked and folks are victims of identity theft. I doubt it's going to be much more than "Oops." There is zero security installed in that obamanation.
29 weeks ago
29 weeks ago Link To Comment
It's probably already happening. The only reason we haven't heard about it is because the government's propaganda arm, the MSM, is under instructions to not report it. At least not until they do a significant job of making Target look so bad that all the data stolen from Obamacare's website looks minor.
29 weeks ago
29 weeks ago Link To Comment
When are they going to look into Obamacare website for any measures to combat fraud?
29 weeks ago
29 weeks ago Link To Comment
Did you notice that Consumers Union (parent org for Consumer Reports) showed up to beat up on Target? That's the same people who are recommending that consumers enter an even larger range of personal information into HealthCare.org which we already know has large security holes.

And let's not forget that Sebelius specifically exempted HealthCare.org from the requirement of notifying customers if their data is breached.
29 weeks ago
29 weeks ago Link To Comment
I find this completely objectionable. The feds spent upwards of $700 million, MILLION of our money and still have not got it right, AND have malware links overseas. WHO THE HECK IS GRILLING OUR HOMEGROWN IGNORANT IDIOTS WHO SPEND OUR MONEY LIKE THAT???? Who is grilling our incompetents?? Why go after Target execs when Target couldn't possibly have the same effect as our own stooges. This is really rich.
29 weeks ago
29 weeks ago Link To Comment
View All