Page 16 - GS140101
The Black Friday breach

The breach was first reported by security reporter Brian Krebs on Dec. 18, 2013. On his blog, KrebsonSecurity, Krebs wrote that the fraud involved brick-and-mortar locations and not Target's e-commerce site.

Visa Inc. and MasterCard Worldwide issued statements to The Green Sheet highlighting that they both offer cardholders zero liability protection against fraudulent purchases. A Visa spokesman said the card brand's cardholder safeguard "is probably the most important and under-reported aspect of this story so far."

Indeed, media reports have focused on the fact that the fraud involved Black Friday - the biggest shopping day of the year. As details of the breach emerge, it may come to rival the sizes of past breaches of TJX Companies Inc. in 2007 and Heartland Payment Systems Inc. in 2009.

In the TJX breach, where T.J. Maxx was one of the store chains involved in the compromise, fraudsters stole what was initially estimated at 45 million card numbers, but that figure was later adjusted to include approximately 100 million account numbers.

In that hack, fraudsters exploited a weakness in the retailer's Wi-Fi network to steal data. That breach was considered the largest retail breach in the history of electronic payments.

"PCI, Visa and MasterCard got so paranoid [after the TJX breach] that they basically rewrote PCI compliance and what it means to be PCI compliant," the anonymous source said. "And even though T.J. Maxx was a retailer and had nothing to do with online transactions, every gateway and every entity that was processing credit cards had to now jump through 10 extra hoops of fire just to become PCI compliant."

An inside job?

Until the Target breach was exposed, 2013 had been relatively light when it comes to data breach discoveries. In April 2013, St. Louis-based grocery chain Schnuck Markets Inc. confirmed that approximately 2.4 million credit and debit cards used at 79 of its 100 store locations may have been compromised as a result of a breach of its POS network. The breach reportedly occurred between December 2012 and March 2013.

Another "modest" breach was reported in January 2013 when Athens, Ga.-based restaurant chain Zaxby's Franchising Inc. disclosed that 100 of its locations had been targeted with a malware attack.

But the Target breach was unique because of the scope of the operation in a short, two-and-a-half-week period. In the Heartland breach, in which at least 130 million debit and credit card numbers were stolen by Trojan horse malware secretly installed on Heartland's processing network, the virus had been sitting on the processor's network for an unknown but extended amount of time.

Additionally, it would take some time for fraudsters to steal millions of T.J. Maxx customers' card numbers via "sniffing" the retailer's Wi-Fi network from the parking lot, the source noted. Comparatively, the Target breach was lightning quick. The coordination and depth of the attack led the source to speculate that it was an inside job.

Editor's note: For further coverage of the Target breach, as well as other news stories, please visit the Breaking Industry News section at our home page, www.greensheet.com.