As reported by numerous media outlets, Minneapolis-based retailer, Target, alerted consumers that 40 million credit and debit card accounts may have been affected by a recent data breach.
Forty million cards! Think about that for a minute. That’s the equivalent of every resident of California having a credit or debit card compromised. And the timing couldn’t be worse for Target - which relies heavily on Q4 sales - and consumers who use their cards for gift purchases. In Netop’s Chicago office alone, three co-workers started off their day by canceling credit cards.
Target’s announcement has already generated considerable media attention, but it is by no means an isolated incident. As we’ve written about, point-of-sales (POS) devices and ATMs are some of the most lucrative targets for hackers.
Little has been revealed yet as to how the attack occurred - apparently the Secret Service is investigating - but having seen similar attacks over the years, we assume some type of remote system vulnerability was exploited. After all, it’s not like someone could have walked out of a Target store with a POS terminal containing 40 million credit card records. Individual terminal transactions have to be aggregated somewhere, and that was the likely target.
Time will reveal the total monetary damages to consumers, but there’s no denying that Target now faces an enormous PR nightmare - not to mention an erosion of consumer trust. History tells us that this is often more damaging than the financial losses.
So what could have Target - or any retailer for that matter - have done to better? Our white paper, Embedded Devices & Data Thieves, is chock-full of recommendations for mitigating security risks across all industries.