Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Target Mocks, Not Helps, Its Data Breach Victims
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2014 | 11:10:06 PM
Re: Target Info Breach- Target not helping anyone but themselves
Of course, Marilyn, then it becomes a little like game theory.  Next thing we know, we'll see a major breach like this...and then another (exceedingly well-planned and executed, with perhaps inside help) breacon on the same company in the wake of it well into the remediation process.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/29/2014 | 8:58:15 AM
Re: Target Info Breach- Target not helping anyone but themselves
I have to agree with you Joe, that it (sadly) is probably safer to shop at Target today than it was a few months ago, before the breach. Same theory as flying on an airplane after a crash. The security will never be higher than in the days and weeks after a disaster. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2014 | 10:07:57 PM
Re: Target Info Breach- Target not helping anyone but themselves
FWIW, Target has already been attacked and beefed up their security since.  It's probably safer right now to shop at Target than their competitors.  (Esp. considering the recent Neiman Marcus attack.)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2014 | 10:05:45 PM
Class actions
More likely than a nonprofit, the bulk of class action money not going to lawyers will probably wind up in the hands of states' coffers (as state AGs go after the company).  I don't see Target money going to a nonprofit as part of a settlement as a foregone conclusion.
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/28/2014 | 1:30:49 PM
Re: Data Breach Costs
The cost I meant was for the company to have to pay all those affected by the breach..

Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/28/2014 | 11:01:41 AM
Data Breach Costs
Data breaches do cost a lot of money, beyond the damage to a company's reputations. In fact, The Poneman Instititute and Symantic have been benchmarking worldwide costs of data breach for the past eight years. In its May 2013 report,  for example, researchers reported that German and US companies experienced the most costly data breaches at $199 and $189 per record at a total cost of $5.4 million in the US and $4.8 million in Germany.

Clearly. organizations must consider these losses as a standard cost of doing business. Otherwise they would be more proactively investing in systems and policies that help avoid them. 

 
jgstoddart
50%
50%
jgstoddart,
User Rank: Apprentice
1/25/2014 | 12:37:20 PM
Re: Credit monitoring
I agree with Thomas 100%, responsibility is a big part of the issue. Data breaches should cost the company something (other then a hit to their reputation), there should be compensation to all persons affected by this. Only then will companies take notice, in the wallet thats where it hurts...

Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:31:26 AM
Re: Ideas?
[Target] is essentially saying that if our information is used then it was our fault for not being deligent enough to stop it. 

Couldn't agree more, JeniferS511. There is definitely something wrong with that picture. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/24/2014 | 10:27:04 AM
Re: Ideas?
Great list, @rradina. I won't hold my breath about Target providing a complete disclosure regarding their PCI internal and external audits but I too would like to know if Target employees complained about system problems. If so, Target could have addressed the issue earlier and saved many more shoppers from having their personal data compromised. 
rradina
100%
0%
rradina,
User Rank: Apprentice
1/23/2014 | 2:21:47 PM
Re: Ideas?
My greatest concern is that this will be swept under the rug and those responsible for bad decisions will not be held accountable.  Therefore I'd like Target to:

1)  Come clean and provide a complete description of exactly what happened

2)  Provide full disclosure regarding their PCI internal and external audits -- including the external auditor's name

3)  Provide internal Target staff the ability to anonymously voice past and present PCI concerns.  I'd like to know if folks on the inside repeatedly warned of risks that were never addressed and know what's being done to address them and if there are any that still aren't being addressed.

4)  Cover all costs banks incur issuing new cards and covering fraud.

5)  Cover all government costs incurred helping them figure out what happened.

6)  Provide free legal help to anyone who experiences trouble with identity theft or creditors and cover their losses @ 120%.  If that's handled through a third party, fine, but I shouldn't have to lift a finger to start the service.  You sent me an e-mail apologizing.  You can send me an e-mail stating that you've activated a service on my behalf.  WHY DO I HAVE TO SIGN UP AND PROVIDE MY CREDIT CARD! Target needs to give them a purchase order number!  I have no desire to have some B.S. auto-renewed plan that I have to fight to get cancelled a year from now.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41182
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now t...
CVE-2021-41183
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now al...
CVE-2021-41184
PUBLISHED: 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a...
CVE-2021-41185
PUBLISHED: 2021-10-26
Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may...
CVE-2021-41188
PUBLISHED: 2021-10-26
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cro...