Target Data Breach Now At 70M

Discussion in 'HardForum Tech News' started by HardOCP News, Jan 10, 2014.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    It was bad enough when the number of people affected was believed to be 40 million. Now, the company is saying that the actual number is 70 million. :eek:

     
  2. HAQattaq

    HAQattaq Limp Gawd

    Messages:
    282
    Joined:
    Dec 25, 2005
    It was probably someone hired by Walmart.
     
  3. sfsuphysics

    sfsuphysics I don't get it

    Messages:
    13,756
    Joined:
    Jan 14, 2007
    oh but hey they gave everyone a 10% discount on ONE day so it's all even now.
     
  4. Bone_Enterprise

    Bone_Enterprise Enter in the Rear

    Messages:
    4,443
    Joined:
    Apr 21, 2006
    [​IMG]

    Forgot the damn tags so this image is also for me.
     
  5. SparkedFire

    SparkedFire [H]ard|Gawd

    Messages:
    1,109
    Joined:
    Jun 27, 2003
    People keep posting this but apparently failed to really take advantage of this. It was actually two days and was stackable. I got about 18% off electronics using the discount, RedCard and Pharmacy Rewards. So basically 1TB hard drives for $45 for example.
     
  6. Cajunheat

    Cajunheat Limp Gawd

    Messages:
    340
    Joined:
    Jun 3, 2008
    So this is hypothetical:" Target allowed my personal info to be stolen and my identity was stolen and have cost me thousands of $$$$ but, they gave me 10% off purchases WOOT WOOT!!!!!!!" Anyway no thanks, Target doesn't get a chanced to put my financial health at risk for 10% off.
     
  7. 8du8

    8du8 Limp Gawd

    Messages:
    298
    Joined:
    Mar 28, 2011
    If you're dumb enough to know you had shopped there within the time frame of the breach and didn't cancel/get new cards issued, that is really not Targets fault. Sure, they waited a few weeks before disclosing the breach, but is there even any confirmed reports of anyone actually having their money stolen from this yet?
     
  8. polonyc2

    polonyc2 [H]ard as it Gets

    Messages:
    16,964
    Joined:
    Oct 25, 2004
    so is the time frame of the breach the only people that are affected?...so if I purchased something from Target with my credit card earlier on in the year then I'm safe from the breach?
     
  9. sfsuphysics

    sfsuphysics I don't get it

    Messages:
    13,756
    Joined:
    Jan 14, 2007
    Yeah that kind of was my point, sure getting a discount is awesome as all hell. I happened to be in Target get a 10% discount and had no idea why until I saw the news later that day.

    I live in California though, so I'm surprised I didn't get a letter notifying me of the potential loss of my information as is required by California law.
     
  10. octoberasian

    octoberasian 2[H]4U

    Messages:
    4,082
    Joined:
    Oct 13, 2007
    About a few days before the massive Target data breach happened last Thanksgiving, my mom's Chase bank account was compromised. Apparently someone skimmed her ATM debit card at a Chase bank ATM. The ATM is the one outside the Chase bank that people use. If going by the letter sent to us by Chase, someone made a duplicate card and bought 5 items with it at three different Walmarts in another county. According to the investigation by Chase, one item was a flat screen HDTV. And, looking at the letter, there were four items at $499.99 each. I can only assume those were Xbox ONE consoles if going by the price and the dates. XONE was released November 22nd. The Target data breaches happened on Black Friday, Nov. 27. My mom's account was compromised on the 23rd. and 24th. last November.

    Luckily my mom's account was insured and the bank has reimbursed her the money. Here's the thing:
    1. She doesn't use the debit card anywhere else except at Chase bank branches to withdraw money from her account.
    2. The scary thing is that this was done at a Chase bank ATM and not a store or anywhere else.
    Thanks to this, my mom now goes inside the bank to withdraw money and refuses to use ATMs now or her debit card. She's old and she gets paranoid easily, so I can understand going that far. Her other bank account with Bank of America has not been compromised, luckily. All in all, she lost around $3000 in those two days alone.

    According to her, the FBI has opened an investigation into this and seeing if other Chase bank branches in the area are affected. My mom hasn't heard anything from the FBI since November, so we assume they're still investigating.

    My word of advice is be careful. And, no matter how careful you are with protecting your identity and personal financial information, someone somewhere will still find a way to take it from you. In the last year I worked as a tax preparer-- 2011 tax year (2012)-- about a fourth of all tax returns I did were rejected because the customer's identities were stolen. We're talking about thousands of dollars of tax refunds total for a lot of these customers. A few of those customers had to pay thousands of dollars plus fees and penalties for tax returns they never filed before, and being asked to pay back the tax refunds they never received because of a falsely filed tax return.

    It's really scary how stolen identities is starting to be more and more common now. Everything from database breaches at Adobe to Target's customer's financial information being broken into.

    We may as well go back to using purely cash now instead of plastic with all these data breaches happening until companies secure their servers and other as close to 100% as possible..
     
  11. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,663
    Joined:
    Dec 13, 2005
    yup

    That doesn't matter. Because of this breach, you now have to go through the process of getting said new card, Then change every single automatic payment setup to come off of your card to the new one. Hoping of course nothing is due to be paid during the time frame that the old one is cancelled and the new one arrives. You also have to make sure to stop at a bank to take out a decent amount of cash for anything that you need to purchase during that time frame as you now don't have a card between the old one being turned off and the new arriving (which can be a week or two depending on said bank).

    So even with you changing out cards it is still a major inconvenience put upon people. $5 doesn't make it up to me.

    That won't happen, the issue is cost of security vs cost of dealing with breach. the breach is cheaper. That has always been the mindset of banks, they could require more stuff in place to protect against theft from check or some other means of transaction but normally that means hiring more people and training them better. When they look at the cost of that vs what it cost them to just deal with the fall out they go the cheaper route. This is pretty much now the mindset of companies when it comes to security for anything now. Nothing is really secure anymore, there are always people gaining access to stuff they shouldn't. And this will continue as companies don't want to pay money for better security, pay money for people that monitor everything closely...
     
  12. cj3waker

    cj3waker 2[H]4U

    Messages:
    2,492
    Joined:
    Oct 12, 2010
    my girlfriend hs about $1500 taken before target disclosed the breach
     
  13. Cajunheat

    Cajunheat Limp Gawd

    Messages:
    340
    Joined:
    Jun 3, 2008
    I don't shop at Target but, My wife did and used her bank card there during the effected time. She cancelled her card immediately upon learning of the breach. Fortunately, no fraud on the said account but according to Target the thieves now have her name, address, e-mail, and phone number. This is way to much personal info that can be exploited and yes I do blame Target for this.
     
  14. ChedWick

    ChedWick Gawd

    Messages:
    596
    Joined:
    Sep 16, 2011
    Yes....

    And yes its still targets fault. A 10% discount is laughable.
     
  15. HAQattaq

    HAQattaq Limp Gawd

    Messages:
    282
    Joined:
    Dec 25, 2005
    What do you suggest they do?


    This could have happened anywhere and it's likely happening somewhere right now where you have recently used a card but it hasn't been detected yet.
     
  16. nutzo

    nutzo [H]ardness Supreme

    Messages:
    7,380
    Joined:
    Feb 15, 2004
    Which is why I have multiple credit cards.

    1 for automatic payments like utilities.
    1 for general shopping.
    1 for questionable web sites.
    1 for travel (Hotels, rental car, etc.)

    Also have a few vendor cards like Target and Amazon to get discounts. If my Target card is compromised, it only affects Target.

    Minimizes the headaches if one does get compromised, and I can switch to one of the other cards as a backup if one gets compromised like when I'm traveling.

    This is why I never use a debit card anywhere other than the bank ATM (and I always check to make sure the ATM doesn't look compromised).
     
  17. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,663
    Joined:
    Dec 13, 2005
    To be honest at this point there is nothing they can do to make it better. If somebody kills your child no amount of I'm sorry or money will bring them. The same here, after screwing up and having a security breach there isn't anything that they can do that will suddenly make everything ok.

    They can own up to the fact that they screwed up, take care of any financial damages that customers have from this, and they can fix whatever caused the problem. but that doesn't make up for the issue. Nor does it excuse it happen.
     
  18. Steelgrave

    Steelgrave Limp Gawd

    Messages:
    253
    Joined:
    Jan 11, 2005
    Not keeping my Credit/Debit Card information would be a good start. There's no reason they need to perpetually store that in a database. (Target red card notwithstanding, but that can probably be argued as well)
     
  19. HAQattaq

    HAQattaq Limp Gawd

    Messages:
    282
    Joined:
    Dec 25, 2005
    I'm not asking what they can do to resolve or prevent it from happening again (there are plenty of controls to implement), I'm asking what can they do for you to get over it?
     
  20. shade91

    shade91 Guest

    That director of IT or director of security is likely searching for a new job now.
     
  21. dr.kevin

    dr.kevin 2[H]4U

    Messages:
    3,053
    Joined:
    Feb 17, 2006
    no big deal. there's no fraud liability on cc's.
     
  22. Dan_D

    Dan_D [H]ard as it Gets

    Messages:
    55,103
    Joined:
    Feb 9, 2002
    I got fucked over by the Target thing and didn't even know about that.
     
  23. termite

    termite [H]ardness Supreme

    Messages:
    4,932
    Joined:
    Aug 27, 2004
    This will be a lot more then 70 Milliion cards when it is all said and done.

    It will also likely not just be Target; the angry grumbling of the internet experts make it seem like like Target is a bank and they control your personal information. The compromise occurred behind the POS terminals, for all practical purposes the data was being intercepted as it flowed from Targets sales systems to the servicing company. That servicing company is a vendor that provides POS systems to a whole lot more companies then just Target.
     
  24. KingSmoth

    KingSmoth Limp Gawd

    Messages:
    480
    Joined:
    Dec 2, 2006
    I just now found that my card was compromised. I didn't make any product purchases at Target, I only drove my friend there so he could get an Xbox One and used my card to buy a cup of coffee at the Starbucks inside Target. I just had to go through all this back in August, so I'm not amused with having to change card info yet again. .
     
  25. Dan_D

    Dan_D [H]ard as it Gets

    Messages:
    55,103
    Joined:
    Feb 9, 2002
    I never shop at Target but it was on the way home and so I stopped to get dog food the day after Black Friday which is in the effected date range. So the one fucking time I use Target in over a year and I get bent over.
     
  26. roma

    roma Limp Gawd

    Messages:
    448
    Joined:
    Sep 13, 2012
    All this kind of thing will increase call for some sort of scanning, biomarkers etc. In a few years I'll have to do a nutscan at home to buy Fallout XYZ
     
  27. octoberasian

    octoberasian 2[H]4U

    Messages:
    4,082
    Joined:
    Oct 13, 2007
    In other news, Neiman Marcus is just now reporting data breaches as well.

    I believe if Walmart got hacked next, it'll probably be a bigger mess than Target.
     
  28. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,171
    Joined:
    Aug 3, 2004

    They also provide 1 year free of fraud monitoring as well

    i heard yesterday on CNN it was up to 110 Million now

    Scary if it was the POS Literally now"piece of sh*t" provider as you said, this could hurt alot more companies now!
     
  29. 4saken

    4saken [H]ardForum Junkie

    Messages:
    10,896
    Joined:
    Sep 14, 2004
    Suntrust already replaced my debit card proactively due to this.
     
  30. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,663
    Joined:
    Dec 13, 2005
    I am with you. I haven't went there in years. However I had gotten a $25 gift card so stopped by the weekend after black Friday to get a few things for a family dinner and decided to spent a little over the $25 to not have a few dollars left on the card. Think I charged like $4 to my debit card as I don't normally bother to carry cash on me (which I know is bad). So had to go through the hassle of changing my card over $4 :/
     
  31. amarvin125

    amarvin125 Limp Gawd

    Messages:
    378
    Joined:
    Aug 21, 2007
    I shopped during the affected period, but haven't been hit with any fraud charges. Discover is sending me a new card just to be safe though. My Amex got hit last month for fraud charges, but I never used it at Target. Still sucks all around.
     
  32. HAQattaq

    HAQattaq Limp Gawd

    Messages:
    282
    Joined:
    Dec 25, 2005
    well. The good? news is the 70 million people were affected so the odds of someone using your information is pretty slim.
     
  33. travanx

    travanx [H]ard|Gawd

    Messages:
    1,577
    Joined:
    Apr 9, 2000
    My Mom just found it she had her identity stolen. Someone(s) changed her social security number to a bank in another state and started rerouting mail and cashing checks at the new address.

    I read that the Target data stolen is everything on file since Target opened. I don't think this is as bad as Walmart online and how they steal the credit card used instantly and start charging to it. Search that one for some stories, since Walmart doesn't acknowledge this and I had this happen to me on 2 different cards the only 2 times I bought something online. 2 cards I hadn't used in over 8 months at the time.
     
  34. Exavior

    Exavior [H]ardForum Junkie

    Messages:
    9,663
    Joined:
    Dec 13, 2005
    One thing about this story that get me is that this shows how worthless the threat of fines from PCI DSS compliancy really is. They threaten if you aren't following the rules they will fine you something like $250,000+ if I recall and that you might lose the right to accept certain types of cards for up to 2 years.

    And yet some of the rules are that you are not allowed to store the full card information, you are not allowed to store the contents of the magnetic strip, you are not allowed to store the pin... All the stuff that they seem to be storing.

    So for smaller companies they get pressure to ensure they follow these rules. but the bigger guys are just allowed to slide. probably because neither Visa, mastercard or discover want to be the one to say that they are pulling Target's (or any other major chain's ) right to accept their card leaving their competition able to make money off them pulling out of that store.
     
  35. octoberasian

    octoberasian 2[H]4U

    Messages:
    4,082
    Joined:
    Oct 13, 2007
    This isn't even the worse of it, yet:
    http://gizmodo.com/report-holiday-hackers-attacked-at-least-three-other-m-1499657812

    Target and Neiman Marcus were TRIAL RUNS apparently.

    Another retailer got hacked in December which has not been disclosed yet due to current laws. The DoJ is still investigating and once revealed, the current 110 million affected customers will go up.

    Now, who is the third retailer?

    One Gizmodo commenter replied with this:
     
  36. octoberasian

    octoberasian 2[H]4U

    Messages:
    4,082
    Joined:
    Oct 13, 2007
    Also, don't these companies have any anti-malware software installed?

    Being attacked by a "RAM scraping" malware to read the decrypted financial information in the server's memory then sending it to the attackers afterwards tells me they don't seem to have any such protections against these kind of attacks. It's just about laughable honestly. I always peg on my friends to protect their computers because the number of times I've had to fix it after a virus or malware infection. Yet, it seems these companies don't take such a proactive approach to protecting their data and their customers.
     
  37. MrGuvernment

    MrGuvernment [H]ard as it Gets

    Messages:
    19,171
    Joined:
    Aug 3, 2004
    malware isnt pro-active, it is reactive, so if this is a 0day / 0sec exploit the malware makers likley don't even know about it.
     
  38. bucketlist

    bucketlist Gawd

    Messages:
    1,019
    Joined:
    Oct 8, 2013
    Heard about it also. That's just insane.
    Sweetbay Supermarkets got hit years ago and I lost $200 but got it back.