Archived KrebsOnSecurity Breaks Story on Target Data Breach

Status
Not open for further replies.
It's not Targets fault they were hacked. It could have happened to any company. Their handling of the situation just shows the utter incompetence of the people at corporate. As soon as they knew they were hit they should have had cancelled all the RedCards and issued new numbers. They sat on the info for days until it started to be reported and then said their might be a breach. Another day goes by and they finally say their is a breach. The news reported for at least 2 days that the hackers stole PINs. Targets response? A full denial and surprise surprise Target is wrong or was lying. I believe the latter there. It's the same reactive thinking they have had for years. What your missing your sales goal? Cut payroll!
 
We don't know yet, but I would not be surprised if Target is found at fault for being hacked in the sense that they did not ensure do diligence to secure their POS systems from being compromised. Your typical POS machine is running an outdated version of Windows XP, and the majority of PCs in stores have only recently been updated to Windows 7. This makes it absolutely trivial for someone to exploit security loopholes and install malware.

Why not update the OS? Because that costs money and corporate is stuck in a bubble world where IT means jack shit to them.
 
They won't be found "at fault." That's like saying "well it's your fault your purse was stolen, because you didn't use a crossbody bag, and yours was easier to snatch."

I'm not saying there isn't more they could be doing for prevention (they could've worn the crossbody bag. Visa/MC/Amex/Discover could bring chip & pin to the states, there's prob more sophisticated security out there, etc.). I'm just saying that taking blame away from the criminals who actually did this is essentially victim shaming. It's like stealing candy from kids. It's easy to do. You could probably do it and get away with it, but we don't do it, because we're not asshole criminals. Just because you have the ability and means to do something, doesn't mean you should do it.

I hope any of those analogies makes sense. I'm sleepy and my brain is definitely not at 100%

I've always been extra vigilant with my cards, and I'm being even more obsessive about it now.
 
All my credit union has said about this is to check your balance daily which I have started doing. So far, fortunately (or unfortunately), I'm the only one who seems to be using my debit card. And I have not used my Target Visa Card in at least 3 months so I haven't worried about that.
 
Hardlinesmaster said:
Spot needs to say to everyone. Your new card is on the way. Again, the bank who brought the portfolio, has said nothing to date.
Click to expand...

Just got a letter from the local bank that issued my HSA debit card (for the non-Spot health insurance my wife has.) They saw that she used the card at Target Pharmacy between BF and Dec 15, so they are cancelling the card and issuing a new one.

Maybe Target should take a lesson and do the same before things spiral even more out of control.
 
I thought the breach didn't effect Red Cards. Did it? I mean, someone was telling me they were processed differently, and if you used one, your okay.
 
Personally, I would think they are at less risk because the debit one is useless without the PIN. And the credit one (not the Spot Visa) is only good at Spot, so the interest in that one, while likely still there, is less. Of course Spot was pretty unforthcoming about the whole PIN issue and avoided the questions until they got called out on the carpet. So I'm not sure how much I trust their statements right now.
 
Last edited:
Buff14 said:
It's not Targets fault they were hacked. It could have happened to any company. Their handling of the situation just shows the utter incompetence of the people at corporate. As soon as they knew they were hit they should have had cancelled all the RedCards and issued new numbers. They sat on the info for days until it started to be reported and then said their might be a breach. Another day goes by and they finally say their is a breach. The news reported for at least 2 days that the hackers stole PINs. Targets response? A full denial and surprise surprise Target is wrong or was lying. I believe the latter there. It's the same reactive thinking they have had for years. What your missing your sales goal? Cut payroll!
Click to expand...

Correct, but they are responsible for how they responded to the situation, as you noted.

Some of you may find this interesting or may not, but my father reminded me of this the other day. Back during the GHW Bush Administration, there was a security breach, a spy, revealed in the State Department. It happens. The response was what was most interesting. The Secretary of State at the time, Lawrence Eagleburger, quietly submitted his resignation to President Bush. Eagleburger had no complicity in the breach, but he simply adhered to the Harry Truman model of "The buck stops here," and contended that since the breach happened under his watch, he should bear responsibility for the breach.

Now, I don't post all that often and my posts generally have to do with my beefs with corporate culture, but can anyone conceive of a corporate executive having the honor and character to accept responsibility in the fashion Eagleburger did? I certainly can't. You'll notice that you are told to "own it" and take responsibility for what happens in your departments, yet when was the last time your CEO or any CEO apologized to the employees for a dumb decision? When is the last time one fell on his sword for the benefit of the whole? When honor and character are expected of the "little people" but there is no such code of honor at the top, the remainder of the organization rots.
 
melvin said:
Buff14 said:
It's not Targets fault they were hacked. It could have happened to any company. Their handling of the situation just shows the utter incompetence of the people at corporate. As soon as they knew they were hit they should have had cancelled all the RedCards and issued new numbers. They sat on the info for days until it started to be reported and then said their might be a breach. Another day goes by and they finally say their is a breach. The news reported for at least 2 days that the hackers stole PINs. Targets response? A full denial and surprise surprise Target is wrong or was lying. I believe the latter there. It's the same reactive thinking they have had for years. What your missing your sales goal? Cut payroll!
Click to expand...

Correct, but they are responsible for how they responded to the situation, as you noted.

Some of you may find this interesting or may not, but my father reminded me of this the other day. Back during the GHW Bush Administration, there was a security breach, a spy, revealed in the State Department. It happens. The response was what was most interesting. The Secretary of State at the time, Lawrence Eagleburger, quietly submitted his resignation to President Bush. Eagleburger had no complicity in the breach, but he simply adhered to the Harry Truman model of "The buck stops here," and contended that since the breach happened under his watch, he should bear responsibility for the breach.

Now, I don't post all that often and my posts generally have to do with my beefs with corporate culture, but can anyone conceive of a corporate executive having the honor and character to accept responsibility in the fashion Eagleburger did? I certainly can't. You'll notice that you are told to "own it" and take responsibility for what happens in your departments, yet when was the last time your CEO or any CEO apologized to the employees for a dumb decision? When is the last time one fell on his sword for the benefit of the whole? When honor and character are expected of the "little people" but there is no such code of honor at the top, the remainder of the organization rots.
Click to expand...

Completely agree with you. I have always led by if my team or a team member in my alignment screws up then it's not their fault, it's mine. That's why I have no respect for most of the ETLs I have worked with over my 5 years with Target. They don't lead by example and will try to shift blame. Gregg Steinhafel is demonstrating his lack of ability to lead this company and the board of directors and stockholders are just as culpable for letting him stay.
 
Meanwhile, the fallout will likely have a ripple effect across the industry.
U.S. Senator Robert Menendez said last week that he has asked the Federal Trade Commission for an update regarding the breach.
He also has asked the FTC to recommend any further legislative action that will ensure consumers are better protected.
That could include holding retailers accountable for failing to protect sensitive customer data.
Click to expand...

That's my Senator.
To a certain degree I think he's just grandstanding but if he gets results from this there will be long term consequences.
Spot will not be popular in the industry.
 
Just got an e-mail from LifeLock, which I subscribe to, telling me what to do had I used a Target card during the 'breach'.

Also an alert from Target.

Since I haven't used any credit cards at Target, no worries on my part. Still,not a good thing at all.
 
Buff14 said:
RedDog said:
Now a problem with gift cards?

http://www.aol.com/article/2013/12/31/target-reveals-big-error-on-gift-card-activations/20798367/?icid=maing-grid7%7Chtmlws-main-bb%7Cdl2%7Csec1_lnk3%26pLid%3D425376
Click to expand...

Cashiers were scanning the QR code instead of the barcode on the gift cards. There was an urgent news about this for a couple of weeks.
Click to expand...

Why the heck is there a QR code on the gift cards to begin with. Granted the only giftcard that ever gave me an issue before was the multipacks of disc giftcards (whatever those were called), but they REALLY need to keep it simple as possible when designing them.

edit: Found a giftcard with one on it, it's a stupid cellphone santa game, great job planning on that one Target!
 
Last edited:
Our leadership told us today, when you are at the register, do not ask guests to sign up for red cards.


That is NOT a good sign. Does that mean that there are still security issues?
 
Status
Not open for further replies.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top