Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Target Mocks, Not Helps, Its Data Breach Victims
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
JeniferS511
100%
0%
JeniferS511,
User Rank: Apprentice
1/23/2014 | 2:07:46 PM
Re: Ideas?
There are a lot of things I think Target couldv'e done differently to alleviate the frustration of its consumers. 1) Instead of waiting at least 4 days after discovering the breach and allowing another news source to break the breach, Target should have immediately released the news. 2) At the time that they knew the breach had occured all of their Red Cards (debit and Credit) should have been cancelled and new cards should have been issued. All banks should've been immediatly notified. 3) Target should've been specific into how this security breach occurred. It's been nearly 3 months after the timeline they gave for the breach and it is only coming to light now that they had malware installed on their server. Along with being specific on how it occurred, their should've been specifcs on they fixed it. Just saying it's been taken care of doesn't instill confidence that the problem has actually been tcorrected. 4) Although we all should be checking credit reports yearly, placing the onus back on us to make sure we aren't the victim of fraud when it was their fault that our information was stolen in the first place is not a good way to do business. You are essentially saying that if our information is used then it was our fault for not being deligent enough to stop it. No one has pointed out that all of the information that was stolen has been carved up and is currently being sold on black markets based on regional information. So if you live in S. Ca your information that was stolen is going to be sold to someone in S. Ca, this way if they use the stolen numbers it doesn't raise flags immediately because this is the area that you do your shopping in anyway. The other issue is that it could take months or even years to go through the millions of numbers that were stolen, so yes it is good that Target is giving you a free year, but it could be a year and half or 2 years before a theif might come across your number to use it if it is still available. Bottomline, Target was not proactive in reporting, containing, and solving the problem. It is the handling of the breach that has caused me to forgoe shopping with them, not the breach itself.
JBonfield
50%
50%
JBonfield,
User Rank: Apprentice
1/23/2014 | 1:30:45 PM
Re: Credit monitoring
Regarding Target educating anyone- They first need to get their own house in order and be able to really make their customers, partners, employees feel secure spending their money in the stores.

As of right now, I refuse to go to Target as I do not know how it happened to begin with, and whether or not they have fixed their security system enough to keep it from happening again.

I think security teams and companies who have fixed issues like this, and the hackers that have been caught need to be out there educating the businesses on what might happen, what could happen, and how to keep it from ruining their business.
JBonfield
50%
50%
JBonfield,
User Rank: Apprentice
1/23/2014 | 1:25:11 PM
Target Info Breach- Target not helping anyone but themselves
Our accounts are affected, our lives turned upside down for various amounts of time (week, month, months, year) depending on the situation. For me, it was two weeks of being inconvenienced, and now another two weeks of my bills being held up and held back, and eventually an onslaught of bil payments ripping through my account. I get to live on peanuts for the next week, which would not have been the case had my account not been compromised.

What do we get for the lack of security on behalf of Target? We get a free year of credit monitoring. What does this include? NOTHING other than being able to see what is already happened, and how it affects your credit.

In order to get credit reports along with the monitoring or any kind of real service out of the deal, you have to submit a credit card and pay!

Isnt that what got us in this mess in the first place?

I personally agree with some of the states that are filing class-action suits against Target on this issue. I am praying that my own state does as well, or there is some way for me to be included in any of the other ones.

I have sworn off Target for the time being. I do not forsee my shopping there anytime soon. I have plenty of other stores to go to where my information was not breached.

Thanks Target!

Jonie Bonfield, Madison, WI
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/23/2014 | 12:18:50 PM
Re: Credit monitoring
Well based on what Brian Krebs reported last fall -- that  an identity theft service that sold SS and drivers license numbers purchased much of its data from Experian -- I wouldn't be too eager to share that information. 
Drew Conry-Murray
100%
0%
Drew Conry-Murray,
User Rank: Ninja
1/23/2014 | 10:03:50 AM
Re: Credit monitoring
I shopped at Target during the period of the breach, and my bank issued me a new card. I was thinking of taking up Target on its offer of the free credit monitoring, but I was just looking at the site and saw that I need to give Experian (the company that will monitor my credit) with my social security number. That bothers me, because I don't really trust Experian to keep my information safe.

Just curious to get some opinions on whether the credit monitoring is worth it in exchange for my SS#.
RobPreston
50%
50%
RobPreston,
User Rank: Apprentice
1/23/2014 | 9:42:04 AM
Re: Credit monitoring
Security education is all well and good -- to argue against it is like arguing against teaching kids math and science. But it misses the point here. Target needs to take full responsibility for the breach and ensure that it will never happen again -- through better technology, practices...and customer, partner, and employee education. Spare us the PR campaign. 
BobH088
50%
50%
BobH088,
User Rank: Apprentice
1/23/2014 | 9:29:11 AM
data loss solution
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags let someone who finds your lost stuff contact you directly without exposing your private information.  I use them on almost everything I take when I travel after one of the tags was responsible for getting my lost laptop returned to me in Rome one time. You can get them at mystufflostandfound.com
Marilyn Cohodas
0%
100%
Marilyn Cohodas,
User Rank: Strategist
1/23/2014 | 8:45:41 AM
Re: Credit monitoring
There is nothing wrong with Target educating users about best security security practices. But how about Target educating retailers about the lessons they learned about how they got hacked in the first place. That would require a level of transparency that is rare in the industry.
Mathew
100%
0%
Mathew,
User Rank: Apprentice
1/23/2014 | 5:31:12 AM
Re: Credit monitoring
Agreed. Even better would be allowing data breach victims to bill the offending party -- at a suitably high hourly rate -- for the time that they (or better, a designated third party) have to spend cleaning up the mess. 

ID theft monitoring is watching for criminals putting your stolen card details to use. Had the breached business properly safeguarded that information, customers wouldn't be stuck with having to watch for fraud -- through no fault of their own.

And it's a reminder to never, ever use a debit card except in an ATM, if you can help it.
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Apprentice
1/22/2014 | 7:53:14 PM
Ideas?
Readers -- what would you have rather seen Target do?
<<   <   Page 2 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10737
PUBLISHED: 2020-05-27
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the hom...
CVE-2020-13622
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVE-2020-13623
PUBLISHED: 2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
CVE-2020-13616
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
CVE-2020-13614
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.