Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Target Mocks, Not Helps, Its Data Breach Victims
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2014 | 11:10:06 PM
Re: Target Info Breach- Target not helping anyone but themselves
Of course, Marilyn, then it becomes a little like game theory.  Next thing we know, we'll see a major breach like this...and then another (exceedingly well-planned and executed, with perhaps inside help) breacon on the same company in the wake of it well into the remediation process.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/29/2014 | 8:58:15 AM
Re: Target Info Breach- Target not helping anyone but themselves
I have to agree with you Joe, that it (sadly) is probably safer to shop at Target today than it was a few months ago, before the breach. Same theory as flying on an airplane after a crash. The security will never be higher than in the days and weeks after a disaster. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2014 | 10:07:57 PM
Re: Target Info Breach- Target not helping anyone but themselves
FWIW, Target has already been attacked and beefed up their security since.  It's probably safer right now to shop at Target than their competitors.  (Esp. considering the recent Neiman Marcus attack.)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2014 | 10:05:45 PM
Class actions
More likely than a nonprofit, the bulk of class action money not going to lawyers will probably wind up in the hands of states' coffers (as state AGs go after the company).  I don't see Target money going to a nonprofit as part of a settlement as a foregone conclusion.
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/28/2014 | 1:30:49 PM
Re: Data Breach Costs
The cost I meant was for the company to have to pay all those affected by the breach..

Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/28/2014 | 11:01:41 AM
Data Breach Costs
Data breaches do cost a lot of money, beyond the damage to a company's reputations. In fact, The Poneman Instititute and Symantic have been benchmarking worldwide costs of data breach for the past eight years. In its May 2013 report,  for example, researchers reported that German and US companies experienced the most costly data breaches at $199 and $189 per record at a total cost of $5.4 million in the US and $4.8 million in Germany.

Clearly. organizations must consider these losses as a standard cost of doing business. Otherwise they would be more proactively investing in systems and policies that help avoid them. 

 
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/25/2014 | 12:37:20 PM
Re: Credit monitoring
I agree with Thomas 100%, responsibility is a big part of the issue. Data breaches should cost the company something (other then a hit to their reputation), there should be compensation to all persons affected by this. Only then will companies take notice, in the wallet thats where it hurts...

Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:31:26 AM
Re: Ideas?
[Target] is essentially saying that if our information is used then it was our fault for not being deligent enough to stop it. 

Couldn't agree more, JeniferS511. There is definitely something wrong with that picture. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:27:04 AM
Re: Ideas?
Great list, @rradina. I won't hold my breath about Target providing a complete disclosure regarding their PCI internal and external audits but I too would like to know if Target employees complained about system problems. If so, Target could have addressed the issue earlier and saved many more shoppers from having their personal data compromised. 
rradina
100%
0%
rradina,
User Rank: Apprentice
1/23/2014 | 2:21:47 PM
Re: Ideas?
My greatest concern is that this will be swept under the rug and those responsible for bad decisions will not be held accountable.  Therefore I'd like Target to:

1)  Come clean and provide a complete description of exactly what happened

2)  Provide full disclosure regarding their PCI internal and external audits -- including the external auditor's name

3)  Provide internal Target staff the ability to anonymously voice past and present PCI concerns.  I'd like to know if folks on the inside repeatedly warned of risks that were never addressed and know what's being done to address them and if there are any that still aren't being addressed.

4)  Cover all costs banks incur issuing new cards and covering fraud.

5)  Cover all government costs incurred helping them figure out what happened.

6)  Provide free legal help to anyone who experiences trouble with identity theft or creditors and cover their losses @ 120%.  If that's handled through a third party, fine, but I shouldn't have to lift a finger to start the service.  You sent me an e-mail apologizing.  You can send me an e-mail stating that you've activated a service on my behalf.  WHY DO I HAVE TO SIGN UP AND PROVIDE MY CREDIT CARD! Target needs to give them a purchase order number!  I have no desire to have some B.S. auto-renewed plan that I have to fight to get cancelled a year from now.
Page 1 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.