'Significant changes' at Target following hack, as UK government launches 'cyber streetwise' campaign

By Danny Palmer
13 Jan 2014

US retailer Target has revealed it's planning "significant changes" following a data breach that resulted in hackers stealing details concerning at least 70 million customers in the run-up to Christmas.

Initial figures suggested a toll of 40 million Target customers, but a month on from the cyber breach being discovered, it was revealed the number of affected individuals is in fact almost double initial estimates.

An investigation by Target has found that names, mailing addresses, telephone numbers and email addresses had been stolen by hackers. Malware stored on Target's point-of-sale registers is thought to have allowed hackers to open the breach and make off with data about millions of customers.

Target CEO Gregg Steinhafel has insisted the chain is safe to shop at and that, in addition to the ongoing investigation into the hack, the company is looking into how it can prevent a similar incident in future.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. We are not going to rest until we understand what happened and how that happened," Steinhafel told CNBC television.

"Clearly we are accountable and we are responsible - but we are going to come out at the end of this a better company and we are going to make significant changes," he added.

It's thought that Target isn't the only major retailer to have fallen victim to cyber criminals in the run-up to Christmas. However, security experts close to the matter haven't yet disclosed the identity of these firms.

According to Chris Wysopal, co-founder and CTO of risk management solutions provider Veracode, a phishing scam is the most likely method by which hackers breached Target's databases.

"This was obviously a very sophisticated attack given the timing, which is perfect for collecting the most amount of card data in a short period of time," he said.

"The malware was likely customized for the type of POS terminals Target uses. We don't know yet how the malware got on the terminals. At least part of Target's network must be compromised," he continued.

Wysopal added that while wireless networks have been at the heart of other data breaches, such as at discount fashion retailer TJX, this probably wasn't the case for Target.

"For the TJX attack the attackers got in through insecure wireless networks. That's not likely how they did it here. More likely it was a phishing attack or they got in through an insecure web application," he said.
