Congress to look into data breach at Target
February 3rd, 2014
MINNEAPOLIS – The chief financial officer of Target Corp., John Mulligan, has been summoned to testify before the Senate Judiciary Committee this week about the massive data breach experienced by the retailer during the holidays.
In the House of Representatives, meanwhile, the leader of the House Energy and Commerce Committee, Henry Waxman (D., Calif.), has demanded that Target provide massive documentation related to the breach.
These are the latest in a flurry of moves by federal lawmakers suddenly energized by the issue of data security. In early January Jay Rockefeller (D., W.Va.), chairman of the Senate Commerce Committee, and Claire McCaskill (D., Mo.), who chairs the Commerce subcommittee on consumer protection, wrote to Gregg Steinhafel, Target’s chairman, president and chief executive officer, requesting a briefing on Target’s investigation of the incident. In addition, the Senate Banking Committee plans to have its own hearing on data security.
Target is not the only major retailer to have its customer data compromised. High-end department store Neiman Marcus Co. has revealed that information from as many as 1.1 million of its customers’ payment cards may have been hacked between July 16 and October 30, 2013. Reuters has reported that at least three other well-known but unidentified retailers were the victims of smaller data breaches using techniques similar to the attack on Target.
Reuters also reported that Visa Inc. issued alerts to retailers in April and August 2013 following surges in cyber attacks. The alerts reportedly warned of the threat from a type of malware known as a RAM scraper, or memory-parsing software, that allows encrypted data to be captured while it passes through the memory of a computer, where it appears in plain text.
Target has not revealed how its network was penetrated, since its internal investigation and complementary investigations by the Secret Service and FBI are ongoing.
In mid-January, though, the Office of Homeland Security released a report — “Indicators for Network Defenders” — to help retailers determine if their system’s security has been compromised.
The report identified one malware program used in the recent attacks as POSRAM Trojan, a RAM scraper. It further noted that POSRAM evaded detection by antivirus software when it infected Windows-based point-of-sale software.
Ironically, Target was a pioneer in testing chip-based payment cards, which are common in Europe, Canada and Asia and which make it difficult for cyber thieves to capture shopper data. Between 2001 and 2004 Target, in collaboration with Visa, tested a chip-based card, or smartcard. The advantage of these cards is that the chips convert the cardholder information into unique codes for each transaction, and often require additional authentication.