Several security researchers have commented on how vociferously Target had insisted that the data on its hard drives had been encrypted using strong encryption. Memory scrapers are an attack vector that can bypass on-disk encryption techniques.
Visa Inc issued two alerts last year about a surge in cyber attacks on retailers that specifically warned about the threat from memory parsing malware.
...
It was not clear whether Target's security team had implemented the measures that Visa had recommended to mitigate the risks of being attacked.Yet a law enforcement source familiar with the breach said that even if the retailer had implemented those steps, the efforts may not have succeeded in stopping the attack.
Last week, Target admitted that its security breach compromised on the order of 110 million cards, which puts it in the top tier of such security breaches.
While the people responsible for the Target hack have not been identified, Krebs identified one person who has been selling credit card numbers that were stolen from Target.
UPDATE: CNET has an interesting article where Target describes the reasons for the delay in notification about a breach that was discovered on Dec 15. It amounts to "we were trying to get ready for the storm."
No comments:
Post a Comment