Target Is Not Giving Us The Full Poop On The Breach

Is Target Giving Us The Full Poop On POS Breach?

As longtime Target customers, my wife and I are more than dismayed at the ease with which hackers were able to breach its entire Point of Service (POS) operation, especially given the fact that there was no way an add-on device could have been attached to every single card reader at the checkout. So let's face it - this was no ordinary breach! And given the number of useless emails we have received regarding our account, I get the real sense that Target is not giving us the full poop on the breach.

And that could come back and hurt them far worse than they realize.

For now, our Target Credit Card will remain quarantined so that we can properly monitor and assess the damage done and I would think that that would be the most prudent thing to do regardless of Target's assurances that they have repaired whatever it was that led to the breach.

Right now I just don't trust them!

Especially after reading an article on how sophisticated this breach was and how quickly stolen data hit the Hacker Underground. So sophisticated, in fact, that buyers on these underground sites can get specific zip-codes so their thievery can be perpetrated close to you while giving them sufficient cover before someone can get wise about using your card.

Of course the article also raised another issue of concern to me. It involved a bank where the writer of the article showed them how easy it was to retrieve the cards they issued from the underground site selling them and their decision to take a "wait and see" position because they were more concerned about the $3-$5 cost impact to replace them for their customers.

And that quickly turned into a "what in the hell is that all about" moment that turned to anger. I mean, who gives a crap if it costs money to close accounts and reissue cards? It would seem that that was not only the right thing to do but a prudent one! Even more so if the latest report of hackers getting access to the encrypted Personal Identification Number (PIN) is accurate.

Naturally, spokespeople for both Target and the affected card issuers will try to reassure people. But the way I see it is that they are all beginning to sound more like the run-of-the-mill politicians who have a habit of telling us things out of both sides of their mouths and taking a cover-my-own-ass attitude while leaving customers to fend for themselves.

So take nothing for granted here folks. Check whatever account is linked to whatever credit or debit card you used at Target on the days affected and look for suspicious charges. And remember, they may at first try to put through a small inconsequential charge to verify they have a live account to play with before wiping you out.

Why?

Because I still think Target is not giving us the full poop on the breach.

And destroying Christmas for many!

Update: January 20, 2014: If you used something other than a Target Visa you might find this latest article disturbing.

Comments

  • It is pretty clear that someone breached the server. This isn't someone putting a device on a reader.

    Someone told me that their bank called them and said that their credit card was cancelled and a new one FedExed to them because charges showed up instantaneously in three cities. Apparently the real banks have ways to detect this kind of fraud, while apparently "Retailer's National Bank" doesn't.

    However, if you are talking about a Target card only good at Target (as opposed to something like a Sears Master Card) (1) I don't see how much they can steal, and (2) I wouldn't have a Target or Kohl's card, because 5% off on an initial purchase of $6 isn't worth it to me.

  • In reply to jack:

    Jack, it appears that the hackers used malware to breach Target. FYI a Target Red Card is a Visa Card and can be used wherever a Visa is accepted.

  • In reply to Michael Ciric:

    Well, I have enough of other cards of that nature, but at least they are associated with real banks.

  • In reply to jack:

    You and me both. But we have had the Target one for a while too and quite frankly I am not pleased with their response thus far. This will hurt them, I think, given the number of lawsuits being filed and more to come. But hey, they did send us some useless 20% off coupons on items we don't buy. Oh well.

  • Coming back to this, some security sites (Krebs on Security seems the primary one) mentioned in the press mentioned how this could have happened. The current theory is that some Russian language hacker put code into the system that scraped the data from the readers before it could be encoded and stored it in a hijacked part of the server, where it was later retrieved. The scam got exposed only when certain sites started advertising the card numbers for sale. Apparently, due to U.S. credit card laws, those cards issued by foreign banks used in the U.S. go for more money.

  • In reply to jack:

    Yes I read that too Jack. Seems it was a hybrid piece of malware that was already out there that is able to pick out the approval code at the instant a purchase requests one when swiped - which, new to me, apparently is in an "unencrypted" state.

  • In reply to Michael Ciric:

    On the "unencrypted" point, apparently it can copy whatever is on the mag stripe, which seems to be enough to start reproducing cards.

    Some of the articles say that US banks and merchants should go to RFID, but then you get the Ventra mess and about 98% of the card readers having to be replaced.

  • In reply to jack:

    They should go to RFID, but methinks the extra expense is what's got merchants and banks thinking twice. Alas, it is always about the bottom line.
