Results 1 to 5 of 5
Like Tree2Likes
  • 1 Post By littleroundman
  • 1 Post By ribshaw

Thread: Target customers' encrypted PINs stolen

  1. #1
    littleroundman is offline Administrator
    Join Date
    Jun 2010
    Posts
    16,991

    Target customers' encrypted PINs stolen

    Target customers' encrypted PINs stolen

    TARGET says debit-card PINs were among the financial information stolen from millions of customers who shopped at the US retailer earlier this month.
    The company said the stolen personal identification numbers, which customers type into keypads to make secure transactions, were encrypted and that this strongly reduces risk to customers.

    In addition to the encrypted PINs, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on back of the cards were stolen from about 40 million credit and debit cards used at Target stores between November 27 and December 15.

    Security experts say it's the second-largest theft of card accounts in US history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.

    "We remain confident that PIN numbers are safe and secure,"
    spokeswoman Molly Snyder said in an emailed statement Friday.

    "The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

    However, Gartner security analyst Avivah Litan said Friday that the PINs for the affected cards are vulnerable and people should change their codes since such data has been decrypted, or unlocked, before.

    In 2009 computer hacker Albert Gonzalez pleaded guilty to conspiracy, wire fraud and other charges after masterminding debit and credit card breaches in 2005 that targeted retailers such as T J Maxx, Barnes & Noble and OfficeMax. Gonzalez's group was able to unlock encrypted data.

    Litan said changes have been made since then to make decrypting more difficult but "nothing is infallible."

    "It's not impossible, not unprecedented (and) has been done before,"
    she said.

    Besides changing your PIN, Litan says shoppers should instead opt to use their signature to approve transactions because it is safer. Still, she said Target did "as much as could be reasonably expected" in this case.

    "It's a leaky system to begin with," she said.

    Credit card companies in the US plan to replace magnetic strips with digital chips by late 2015, a system already common in Europe and other countries that makes data theft more difficult.

    News.Yahoo.com
    The only thing necessary for the triumph of evil is for good men to do nothing

  2. #2
    ribshaw's Avatar
    ribshaw is online now Nigerian Ministry
    Join Date
    Feb 2013
    Location
    Internet Cafe Nigeria
    Posts
    4,986

    Re: Target customers' encrypted PINs stolen

    Quote Originally Posted by littleroundman View Post
    Target customers' encrypted PINs stolen


    "We remain confident that PIN numbers are safe and secure,"[/I] spokeswoman Molly Snyder said in an emailed statement Friday.
    Did she say this with a straight face?

    Overconfidence.JPG
    "It's virtually impossible to violate rules ... but it's impossible for a violation to go undetected, certainly not for a considerable period of time." Bernie Madoff
    https://www.facebook.com/pages/Scam-...98399986981403

  3. #3
    ribshaw's Avatar
    ribshaw is online now Nigerian Ministry
    Join Date
    Feb 2013
    Location
    Internet Cafe Nigeria
    Posts
    4,986

    Re: Target customers' encrypted PINs stolen

    We understand our guests are eager to sign up for free credit monitoring and identity theft protection.

    More details will be coming next week including specific instructions on how to enroll. In the meantime, please know that the sign-up period will extend for three months so that all interested guests will have plenty of time to register. Our contact centers have no additional information to share until the service is launched; as soon as information is available, we will share it here.

    “We know this incident has been a confusing and stressful time for our guests, and for that we apologize,” said Scott Kennedy, president, Finance and Retail Services, Target. “We hope this offer provides them with additional peace of mind.”

    The service, which will be available to all guests who shopped our U.S. stores, will include a complimentary credit report, daily credit monitoring, identity theft insurance where available, and access to personalized assistance.

    Guests who sign up for free credit monitoring should continue to monitor their accounts and report any unusual or suspicious activity to their bank. We also want to remind guests that they have zero liability for the cost of any fraudulent charges arising from the breach.

    https://corporate.target.com/discove...ng-to-all-gues
    "It's virtually impossible to violate rules ... but it's impossible for a violation to go undetected, certainly not for a considerable period of time." Bernie Madoff
    https://www.facebook.com/pages/Scam-...98399986981403

  4. #4
    littleroundman is offline Administrator
    Join Date
    Jun 2010
    Posts
    16,991

    Re: Target customers' encrypted PINs stolen

    Target says data breach up to 110 million customers

    Giant US retailer Target said Friday that up to 110 million customers have had their personal data stolen in a data breach, sharply raising its initial estimate.

    The number of people affected represented one in three Americans, and the scope of the information stolen was much broader than originally thought, Target admitted.

    Target initially reported on December 19 that payment card data of some 40 million customers had been obtained by hackers during the year-end holiday shopping season.

    The stolen information included credit and debit card data, customer names and PIN (personal identification data) numbers.

    On Friday, Target said that its investigation had revealed that hackers also stole a second batch of data that included names, mailing addresses, phone numbers or email addresses for up to 70 million people.

    "This theft is not a new breach; these are two distinct thefts as part of the same breach," a Target spokesman told AFP.

    "The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared."

    Target chief executive Gregg Steinhafel said the company was "truly sorry" for the data breach.

    Target said consumers would have "zero liability" due to any fraudulent charges arising from the theft. It offered one year of free credit monitoring protection.

    Target is cooperating with an investigation led by the Justice Department and Secret Service. A group of state attorneys general have launched a parallel investigation aimed at protecting victims.

    New York Attorney General Eric Schneiderman called the new disclosure "deeply troubling."

    "Consumers in New York and around the country expect and deserve companies that protect their personal information when they shop on their websites and in their stores," Schneiderman said in a statement.

    Target said the news of the data theft, which came at the peak of the Christmas shopping season, impacted sales in its stores.

    It said it now expects fourth-quarter comparable store sales to decline 2.5 percent from its prior forecast of flat sales.

    The company said it may need to take a charge for expenses related to the data breach to cover potential costs, including reimbursements for credit card fraud, liabilities from civil litigation, government investigations and enforcement proceedings.

    Target shares shed 1.1 percent to $62.62 on Friday.

    Yahoo News.com
    The only thing necessary for the triumph of evil is for good men to do nothing

  5. #5
    littleroundman is offline Administrator
    Join Date
    Jun 2010
    Posts
    16,991

    Re: Target customers' encrypted PINs stolen

    Target breach leads to credit card fraud

    ACCOUNT information stolen during the Target security breach is now being divided up and sold off regionally, a South Texas police chief says following the arrest of two Mexican citizens who authorities say arrived at the border with 96 fraudulent credit cards.

    McAllen Police Chief Victor Rodriguez said Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, both of Monterrey, Mexico, used cards containing the account information of South Texas residents.

    Rodriguez said they were used to buy tens of thousands of dollars' worth of merchandise at national retailers in the area including Best Buy, Wal-Mart and Toys R Us.

    "They're obviously selling the data sets by region,"
    Rodriguez said.

    Garcia and Guardiola were both being held on Monday on state fraud charges. It was not immediately known whether they had retained lawyers.

    The local police began working with the US Secret Service after a number of area retailers were hit with fraudulent purchases on January 12.

    The Secret Service confirmed that the fraudulent accounts traced back to the original Target data breach from late last year.

    Investigators fanned out to McAllen-area merchants and reviewed "miles of video" looking for the fraudsters, Rodriguez said. From that, they were able to identify two people and a car with Mexican licence plates.

    With the help of US Immigration and Customs Enforcement, investigators confirmed the identities of their suspects from immigration records of when they had entered Texas in the same vehicle. Police prepared arrest warrants last week and waited for them to return.

    On Sunday morning, federal officials alerted police that their two suspects were at the Anzalduas International Bridge trying to re-enter the US They were carrying 96 fraudulent cards, Rodriguez said.

    Investigators believe the two were involved in both the acquisition of the fraudulent account data and the production of the cards, but only part of what must have been a much broader conspiracy. Rodriguez said investigators suspect Garcia and Guardiola were singling out Sundays for their shopping sprees hoping that the banks would not be as quick to detect the fraud.
    With the amount of electronics and other merchandise purchased on January 12, Rodriguez said the two would have needed an "army" to move it all, and he expected they would eventually face federal charges.

    Rodriguez also alluded to a link with Eastern Europe or Russia, but did not provide additional details.

    South Texas authorities have seen large-scale fraudulent credit card schemes before, including one in which they seized machines used to upload information to the cards' magnetic strips.

    The security breach involving Minneapolis-based Target is believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers.

    News.com
    The only thing necessary for the triumph of evil is for good men to do nothing

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Disclaimer: Opinions expressed on this website are solely those of their respective authors.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42