The latest news indicates that retailer Target Corporation has been able to target its recent cyber attack hackers and ascertain that they were operating from overseas. There is not much more information available to the public at this point. Target has decided to keep the overseas hackers guessing about how much information their investigation may have obtained.
Today, Target CEO Gregg Steinhafel issued an offer for free credit monitoring for everyone who has been victimized, and a 10% discount on all shopping at all Target stores this Saturday and Sunday.
All that is really known now is that it appears Target may have allowed as many as 40 million debit and credit payment cards to be hacked in just the first three weeks of this year’s holiday shopping season. According to Target, people who swiped their cards from Nov. 27 to Dec. 5 may have been victimized. That implies a lot of stolen data like such as customer names, actual card numbers, actual card expiration dates – even the personal information that is embedded on that magnetic strip on the back of every card.
One additional disclosure: the hackers did not touch online purchases. The cyber attack only touched in-store holiday purchases.
However, it isn’t known exactly who at Target said this much, except that the information was dispensed by someone who is familiar with the case. That person was not authorized to speak publicly for Target, and the source further declined to indicate any details about the major hacking operation. So, Target is not officially saying how the hackers penetrated their system. They will not even disclose where they think the hackers may be based.
All other relevant details are being kept silent in an effort to prevent the hackers from achieving any more of an advantage. For example, it is believed that if the hackers found out they have indeed been targeted by Target, then they might be able to destroy valuable evidence. They might even disappear all together.
The U.S. Secret Service is in charge of the official investigation, and they are keeping silent. Even official Target spokesperson, Molly Snyder, has declined public comment. The news about the hacking operation was just disclosed Thursday. However, that announcement only came the day after security blogger Brian Krebs had broken the news story.
How big was the hacking job? It seems this may have been more than a cyber attack – this may have been a cyber tsunami.
With over a dozen similar cases taking place in this country since 2005, it might be the second largest case of its kind in U.S. history. This credit card disaster might only be exceeded by the 2005 cyber tsunami targeting retailer TJX Cos. That case involved accounts belonging to approximately 45.7 million customers.
Other than the above information, the only thing evident is that the cyber tsunami seems to have begun over the Thanksgiving holiday weekend. Yet, this is not the end of the story – it is barely the beginning. In fact, the fall out has only just begun for Target. It seems there is growing frustration on the part of people who are still not sure whether or not they have been victimized. The total lack of specific information is taking its toll on angry Target customers who are demanding full disclosure and justice.
Today, a number of potential victims of the Target cyber tsunami continue to complain about difficulties associated with contacting Target, either through its website or through call centers. Yet, there are still Target customers who seem to have escaped harm, and who insist on using their cards and shopping at Target through the holiday season despite the recent news.
A handy outlet for the hacking victims has turned out to be none other than Facebook. Customers have been flocking to Target’s Facebook page to communicate their anxiety publicly. Indeed, many of them have threatened to stop shopping at Target forever.
In an attempt to ameliorate the situation, Target delivered a social media apology on its Facebook page. There was little comfort to be found in the boilerplate apology, in which it reassured customers that Target is working hard to resolve this problem; it is going to add workers to its call centers and it is committed to solving its website issues. In short, Target is pledging to target the hackers and ensure justice for all of its customers.
By: Alex Durig, Ph.D.