Attacks/Breaches
1/22/2014
02:45 PM
Ira Winkler
Ira Winkler
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

Target Mocks, Not Helps, Its Data Breach Victims

The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Apprentice
1/29/2014 | 11:10:06 PM
Re: Target Info Breach- Target not helping anyone but themselves
Of course, Marilyn, then it becomes a little like game theory.  Next thing we know, we'll see a major breach like this...and then another (exceedingly well-planned and executed, with perhaps inside help) breacon on the same company in the wake of it well into the remediation process.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/29/2014 | 8:58:15 AM
Re: Target Info Breach- Target not helping anyone but themselves
I have to agree with you Joe, that it (sadly) is probably safer to shop at Target today than it was a few months ago, before the breach. Same theory as flying on an airplane after a crash. The security will never be higher than in the days and weeks after a disaster. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Apprentice
1/28/2014 | 10:07:57 PM
Re: Target Info Breach- Target not helping anyone but themselves
FWIW, Target has already been attacked and beefed up their security since.  It's probably safer right now to shop at Target than their competitors.  (Esp. considering the recent Neiman Marcus attack.)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Apprentice
1/28/2014 | 10:05:45 PM
Class actions
More likely than a nonprofit, the bulk of class action money not going to lawyers will probably wind up in the hands of states' coffers (as state AGs go after the company).  I don't see Target money going to a nonprofit as part of a settlement as a foregone conclusion.
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/28/2014 | 1:30:49 PM
Re: Data Breach Costs
The cost I meant was for the company to have to pay all those affected by the breach..

Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/28/2014 | 11:01:41 AM
Data Breach Costs
Data breaches do cost a lot of money, beyond the damage to a company's reputations. In fact, The Poneman Instititute and Symantic have been benchmarking worldwide costs of data breach for the past eight years. In its May 2013 report,  for example, researchers reported that German and US companies experienced the most costly data breaches at $199 and $189 per record at a total cost of $5.4 million in the US and $4.8 million in Germany.

Clearly. organizations must consider these losses as a standard cost of doing business. Otherwise they would be more proactively investing in systems and policies that help avoid them. 

 
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/25/2014 | 12:37:20 PM
Re: Credit monitoring
I agree with Thomas 100%, responsibility is a big part of the issue. Data breaches should cost the company something (other then a hit to their reputation), there should be compensation to all persons affected by this. Only then will companies take notice, in the wallet thats where it hurts...

Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:31:26 AM
Re: Ideas?
[Target] is essentially saying that if our information is used then it was our fault for not being deligent enough to stop it. 

Couldn't agree more, JeniferS511. There is definitely something wrong with that picture. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:27:04 AM
Re: Ideas?
Great list, @rradina. I won't hold my breath about Target providing a complete disclosure regarding their PCI internal and external audits but I too would like to know if Target employees complained about system problems. If so, Target could have addressed the issue earlier and saved many more shoppers from having their personal data compromised. 
rradina
100%
0%
rradina,
User Rank: Apprentice
1/23/2014 | 2:21:47 PM
Re: Ideas?
My greatest concern is that this will be swept under the rug and those responsible for bad decisions will not be held accountable.  Therefore I'd like Target to:

1)  Come clean and provide a complete description of exactly what happened

2)  Provide full disclosure regarding their PCI internal and external audits -- including the external auditor's name

3)  Provide internal Target staff the ability to anonymously voice past and present PCI concerns.  I'd like to know if folks on the inside repeatedly warned of risks that were never addressed and know what's being done to address them and if there are any that still aren't being addressed.

4)  Cover all costs banks incur issuing new cards and covering fraud.

5)  Cover all government costs incurred helping them figure out what happened.

6)  Provide free legal help to anyone who experiences trouble with identity theft or creditors and cover their losses @ 120%.  If that's handled through a third party, fine, but I shouldn't have to lift a finger to start the service.  You sent me an e-mail apologizing.  You can send me an e-mail stating that you've activated a service on my behalf.  WHY DO I HAVE TO SIGN UP AND PROVIDE MY CREDIT CARD! Target needs to give them a purchase order number!  I have no desire to have some B.S. auto-renewed plan that I have to fight to get cancelled a year from now.
Page 1 / 3   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio