'Significant changes' at Target following hack, as UK government launches 'cyber streetwise' campaign

Government campaign to raise awareness of cyber issues comes after Target CEO speaks out about attack

US retailer Target has revealed it is planning "significant changes" following a data breach that resulted in hackers stealing details concerning at least 70 million customers in the run-up to Christmas 2013.

Initial figures suggested a toll of 40 million Target customers, but a month on from the cyber breach being discovered, it was revealed the number of affected individuals was in fact almost double initial estimates.

An investigation by Target found information around names, mailing addresses, telephone numbers and email addresses had been stolen by hackers. Malware stored on Target's point of sale (PoS) registers is thought to have allowed hackers to open the breach and make off with data about millions of customers.

Target CEO Gregg Steinhafe has since insisted the chain is safe to shop at and that in addition to the ongoing investigation into the hack, the company is looking into how it can prevent a similar incident in future.

"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. We are not going to rest until we understand what happened and how that happened," Steinhafe told CNBC television.

"Clearly we are accountable and we are responsible - but we are going to come out at the end of this a better company and we are going to make significant changes," he added.

It's thought that Target isn't the only major retailer to have fallen victim to cyber criminals around that time. However, security experts close to the matter haven't yet disclosed the identity of these firms.

According to Chris Wysopal, co-founder and CTO of risk management solutions provider Veracode, a phishing scam is the most likely method in which hackers breached Target's databases.

"This was obviously a very sophisticated attack given the timing, which is perfect for collecting the most amount of card data in a short period of time," he said.

"The malware was likely customised for the type of PoS terminals Target uses. We don't know yet how the malware got on the terminals. At least part of Target's network must be compromised," he continued.

Wysopal added that while wireless networks have been at the heart of other data breaches, such as at discount fashion retailer TJX, this probably wasn't the case with Target.

"For the TJX attack the attackers got in through insecure wireless networks. That's not likely how they did it here. More likely it was a phishing attack or they got in through an insecure web application," he said.

[Please go to page 2]

'Significant changes' at Target following hack, as UK government launches 'cyber streetwise' campaign

Government campaign to raise awareness of cyber issues comes after Target CEO speaks out about attack

Despite the Target attack taking place in the US, Paul Ayers, VP EMEA at enterprise data security firm Vormetric, urged UK businesses to rethink their approaches to security to ensure they're as protected against cyber attacks as possible.

"As unfortunate as it is, this news should serve as a warning to UK retailers, both large and small, and their customers - it is no longer sufficient to build a wall around your database, as hackers know that the data held within cannot defend itself," he said

"The truth is, we must completely rethink our approach to security, as our most valued asset is often the least protected.

"As cyber criminals become increasingly persistent and malware reaches new levels of sophistication, it is far more effective to be proactive, rather than reactive, when it comes to data security," Ayers added.

The UK government has moved to warn small businesses about the threats of cyber crime with a campaign called Cyber Streetwise. It aims to make both businesses and the general public more aware about cyber crime and the methods in which threats can be protected against.

"The internet has radically changed the way we work and socialise. It has created a wealth of opportunities, but with these opportunities there are also threats. As a government we are taking the fight to cyber criminals wherever they are in the world," said Security Minister James Brokenshire.

"However, by taking a few simple steps while online the public can keep cyber criminals out and their information safe," he added.