Any techies out there....how did Target not know for so long? Aren’t there supposed to be checks on the security of the system very often?
Important: don’t use a debit card! Use a credit card.
Protection is much better with a credit card since the charge is billed against the credit card company first and then billed to the customer whereas the debit card deducts the charge directly from a person’s checking account and “good luck getting the refund.”
The CC company monitors “strange” charges and will contact the card holder almost immediately if there is a suspicious charge.
Corporations are extremely slow to move. Once customers noticed the charges, its reported to either the bank or to Target depending on if the charges hit a debit or hit a target credit account. Once they were notified, they begin an investigation. God knows how long it took to go from A to B to C.
Once the lawsuit starts, and you better believe it will, discovery will hopefully reveal Target’s IT Security practices and what they did or did not do. Target likely doesnt handle their own IT Sec and probably outsourced it and did not want to pay to get the job done correctly. I have seen this over and over and over again. Nobody wants to pay for technology and many businesses think they can cut corners because they have little to no understanding or respect for technology.
Target was probably compromised by insiders in their IT organization and one or more of their service suppliers.
It is easy to cover-up a crime for some length of time when you are responsible for implementing the security arrangements.
Outside forensic teams have already descended on Target at the direction of executive management. Various three-letter Government Agencies are involved as well.
A key item apparently was that the PIN codes from in-store credit card readers were being stashed away in some unauthorized location, along with the three-digit authentication codes used for on-line orders. Information was likely being transmitted periodically to "dead drop" servers outside the company network.
When this thing unravels, there will probably be several key people found who have serious gambling problems, sex fetishes or drug additions which made them easy targets for organized crime to recruit.
It is very hard to completely erase tracks on such crimes, and the low-level, mid-level participants could all be identified fairly quickly. Whether they are prosecuted could depend on how much negative publicity Target wants to endure from the follow-through.
The high-level sponsors of this crime are probably beyond the reach of the American judicial system.
I think not a month has gone by this week where one agency or another or company or another has not announced a data breech so how anyone can note only Target’s loss caused their problem I don’t think will have much of a case.