Registered
 
enzo1's Avatar
 
Join Date: Jul 2008
Location: OK
Posts: 12,730
Cards Stolen in Target Breach Flood Underground Markets

Cards Stolen in Target Breach Flood Underground Markets — Krebs on Security

__________________
76' 911s Signature Edition
Old 12-21-2013, 12:51 PM
Registered
 
Embraer's Avatar
 
Join Date: Mar 2008
Location: Indy
Posts: 4,323
Garage
"we allowed your information to be compromised. sorry about that. here's a 10% off coupon for your next purchase...."
__________________
-mike
Old 12-21-2013, 12:52 PM
Registered
 
Don Ro's Avatar
 
Join Date: Sep 2001
Location: Dismal Nitch, AZ
Posts: 9,042
"...on Dec. 21 and 22."
.
So, rush right in there and BUY!
__________________
Don
.
"Fully integrated people, in their transparency, tend to not be subject to mechanisms of defense, disguise, deceit, and fraudulence."
- - Don R. 1994, an excerpt from My Ass From a Hole in the Ground - A Comparative View
Old 12-21-2013, 01:00 PM
The Unsettler
 
stomachmonkey's Avatar
 
Join Date: Dec 2002
Location: Lantanna TX
Posts: 23,885
Our new cards showed up today.

Wifey is in the kitchen activating as I type this.

We were not taking any chances.
Old 12-21-2013, 01:09 PM
Recreational Mechanic
 
Nickshu's Avatar
 
Join Date: Sep 2000
Location: Northern Colorado, USA
Posts: 3,326
Garage
Wow, I just went on Target.com. There is no mention of the breach on the front page. Should be a HUGE banner at the top of the page. Goes to show you how much they care about their customers vs. profits at the holiday season.

For a company that already has a very bad track record for refusing to support local charities, local schools, etc this sure doesn't help them.
__________________
P Cars: 2022 Macan GTS / One empty garage space ---- Other cars: 2019 Golf R 6MT / 2021 F-250 Diesel / 2024 Toyota GR86 6MT ---- Gone: 1997 Spec Boxster Race Car, 2020 GT4, 2004 GT3, 2003 Carrera, 1982 911SC, 2005 Lotus Elise and lots of other non-Porsches
PCA National DE Instructor #202106053 / PCA Club Racing / WRL Endurance Racing
Old 12-21-2013, 01:45 PM
Used Up User
 
imcarthur's Avatar
 
Join Date: Jun 2003
Location: Toronto
Posts: 8,311
Garage
The process of selling cards in that link is pretty interesting. Brokers buy & sell blocks on forums & they even can sell you local lots of cards so the end user will be local but the info might have bounced through a Russian mobster's hands on the way.

VISA frauded my business card briefly yesterday due to strange purchases but they were all legit & the card was turned on again.

Ian
__________________
'87 Carrera Cab

----- “Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.” A. Einstein -----
Old 12-21-2013, 01:52 PM
 
NYC
 
Join Date: Jan 2013
Location: NY
Posts: 770
Garage
Quote:
Originally Posted by Nickshu View Post
Wow, I just went on Target.com. There is no mention of the breach on the front page. Should be a HUGE banner at the top of the page. Goes to show you how much they care about their customers vs. profits at the holiday season.

For a company that already has a very bad track record for refusing to support local charities, local schools, etc this sure doesn't help them.
I read the other day that personal info for online sales was not affected. But nothing is safe in today's web world, or outside establishments.
Old 12-21-2013, 02:41 PM
Eva
 
911SauCy's Avatar
 
Join Date: Apr 2012
Location: CT
Posts: 4,593
Garage
Is this only impacting "Target Cards" or anyone who swiped a card there?

My wife and I are always getting something at Target...
__________________
'78 SC Targa ~Brynhild~ Insta: @911saucy

"The car has been the cave wall on which Industrial Man has painted his longings and desires." -Eddie Alterman-
Old 12-22-2013, 05:39 AM
Registered
 
Join Date: Jul 2003
Location: Perfidious Albion
Posts: 4,184
Quote:
Originally Posted by 911SauCy View Post
Is this only impacting "Target Cards" or anyone who swiped a card there?

My wife and I are always getting something at Target...
Any card used at any branch of Target, in a 3-week window. They're saying the POS terminals - all of them, in every store - were compromised to skim card details.

This seems a little strange/unlikely - but I haven't bought anything at Target in over 4 years, so I don't much care
__________________
'77 S with '78 930 power and a few other things.
Old 12-22-2013, 06:13 AM
non-whiner
 
mreid's Avatar
 
Join Date: Aug 2012
Location: Slightly right of center
Posts: 5,235
Any card used at Target during the period. We never shop at Target, but a couple of weeks ago the wife asked me to pick up some silver polish and cloths. Guess where I just happened to stop?!
__________________
"Too much is just enough."
Old 12-22-2013, 06:52 AM
Functionista
 
manbridge 74's Avatar
 
Join Date: Jul 2011
Location: CO
Posts: 7,717
Bad as this sounds, ransomware is even worse.

Coin of the realm, I say......
__________________
Jeff
74 911, #3
I do not disbelieve in anything. I start from the premise that everything is true until proved false. Everything is possible.
Old 12-22-2013, 07:53 AM
Registered
 
jyl's Avatar
 
Join Date: Jan 2002
Location: Nor California & Pac NW
Posts: 24,903
Garage
Anyone know what penalties and liability Target will face over this?

My impression is that companies don't pay a very heavy price for failing to secure their customers' data, whether credit cards or passwords.

There have been many incidents where millions of peoples' credit cards and account/passwords have been stolen, frequently due to poor security practices by companies who had those peoples' information in their databases. I don't recall many reports of the companies paying heavy fines or their management suffering serious consequences.

Target's card theft isn't expected to hurt the company much. It is not quite, but almost, business as usual.

Here is an article describing a similar theft of 100 million credit card numbers from TJ Maxx. The company eventually spent $250MM on lawsuits, fines, and improvements to its technology. Some of that probably needed to be spent anyway (IT investment), and anyway it is a small sum vs TJX's $20 billion/year in sales. The company's stock didn't get hurt, investors didn't care at all, none of the C-level executives suffered any consequences.

Target's Credit Card Breach Is Bad, But Won't Hurt Business Much

40 million account passwords were lost at Adobe, 6 million at LinkedIn, there are dozens more like this, and a new one every month or three.

Do the companies that obtain and store our personal information have enough incentive to harden their security?
__________________
1989 3.2 Carrera coupe; 1988 Westy Vanagon, Zetec; 1986 E28 M30; 1994 W124; 2004 S211
What? Uh . . . “he” and “him”?
Old 12-22-2013, 08:29 AM
 
Registered
 
Join Date: Oct 2005
Location: Capistrano Beach, Ca.
Posts: 7,235
Quote:
Originally Posted by jyl View Post
...(snip)...Do the companies that obtain and store our personal information have enough incentive to harden their security?
^^This is it in a nutshell.^^

It is still "cost effective" for these companies and banks to cover the losses for their customers, issue new cards, and pay settlements on suits. These costs are then passed on to the customers in the form of higher prices, new or higher fees, and cuts in services under the guise of the ever popular, cost of doing business.

Money, of course, is what drives these companies and money (or loss of it) is the only real incentive to get them to take personal security more seriously. We all know that any secure system can be breached--it's an on-going battle that ratchets up the level of security and the sophistication of the breaches whenever it is fought. The penalties should be aimed at those companies that fail to keep pace with the escalating need for more complex and secure systems.

Yes, meaningful monetary penalties may work, but loss of public trust and its patronage is more direct and painful. As long as the general public can live with their loss of personal information being bought off by financial loss coverage and new card or account issuance, there will be no great incentive for companies to improve.
__________________
L.J.
Recovering Porsche-holic
Gave up trying to stay clean
Stabilized on a Pelican I.V. drip
Old 12-22-2013, 09:04 AM
non-whiner
 
mreid's Avatar
 
Join Date: Aug 2012
Location: Slightly right of center
Posts: 5,235
How many on here use the same password for multiple secure sites? Same for your gmail account as your online banking? You don't have to answer, but research shows many baby boomers do. These are the same people with the highest incomes. The same people using more and more handhelds and using Facebook and LinkedIn in increasing numbers. Is it just an inconvenience that your LinkedIn or Facebook password is stolen? How about that phishing email you receive later that looks legit and you feel better when it reminds you not to enter your password for security purposes, but they will need your bank account number? Couldn't be harmful, it's on all your checks right?

My point is that nothing is really safe and you/we can't expect business to protect us past a certain point. Europe has had chip and pin in credit cards for almost ten years, why not us? In the UK, your credit card never leaves your sight. Why not here? Our head of security copied my credit card onto a hotel key in about 20 seconds as a demo using a handheld scanner. I later used it to get gas. Protect yourself, take advantage of credit monitoring and get new cards if you were possibly exposed. Take no chances! Be personally accountable!
__________________
"Too much is just enough."
Old 12-22-2013, 09:24 AM
Registered
 
Join Date: Oct 2005
Location: Capistrano Beach, Ca.
Posts: 7,235
Quote:
Originally Posted by mreid View Post
How many on here use the same password for multiple secure sites? Same for your gmail account as your online banking? You don't have to answer, but research shows many baby boomers do. These are the same people with the highest incomes. The same people using more and more handhelds and using Facebook and LinkedIn in increasing numbers. Is it just an inconvenience that your LinkedIn or Facebook password is stolen? How about that phishing email you receive later that looks legit and you feel better when it reminds you not to enter your password for security purposes, but they will need your bank account number? Couldn't be harmful, it's on all your checks right?

My point is that nothing is really safe and you/we can't expect business to protect us past a certain point. Europe has had chip and pin in credit cards for almost ten years, why not us? In the UK, your credit card never leaves your sight. Why not here? Our head of security copied my credit card onto a hotel key in about 20 seconds as a demo using a handheld scanner. I later used it to get gas. Protect yourself, take advantage of credit monitoring and get new cards if you were possibly exposed. Take no chances! Be personally accountable!
Mreid makes some good points, we can make some personal decisions that help protect our information but once it leaves our control, to make a purchase for example, we are at the mercy of the systems that are in place where these large breaches are taking place.

Yes, Europe and much of Asia use smart cards with encryption chips that make scanning and subsequent individual thefts much more difficult. The U.S. is the only large country that still uses magnetic stripes and that is why the thieves target (no pun intended) the U.S. in these types of thefts. Why is it so? Because of the expense of converting the entire system to encryption technology. The entire infrastructure of the U.S. credit/debit/atm card system is based around this magnetic strip. Europe is way ahead. We have not taken more than a baby step in the chip-embedded technology. Think of it as changing over from gasoline as a fuel to fuel cells. Not only is our distribution system based around gasoline (refining, trucking, pipelines, stations and pumps), but the internal combustion engine and its ancillary support (auto repair shops, muffler shops, etc.) are as well. Changing to another fuel that requires new infrastructure is very disruptive and is met with the inertia of the existing system.

Once your information is in the system, regardless if the card's chipped or not, the controllers of that system--the companies and the servers they employ--are responsible. The Target incident could very well have been a hack into their corporate servers. This is where the incentives should be aimed to keep these things secure. As mreid said, it is up to us to protect our information as best we can, and we must always assume that it may still be compromised by someone or some company further down the line.
__________________
L.J.
Recovering Porsche-holic
Gave up trying to stay clean
Stabilized on a Pelican I.V. drip
Old 12-22-2013, 10:23 AM
Registered
 
mikester's Avatar
 
Join Date: Mar 2002
Location: My House
Posts: 5,346
PCI Compliance

The over-arching regulating body for credit card information security is the card industry itself - it is referred to as PCI Compliance or PCI Security Standards.

https://www.pcisecuritystandards.org/

It is a standards body led by the industry stakeholders like AMEX, Visa, MC, including some of the companies that provide security technologies that are depended on for this privacy and security.

I've worked quite a lot in this industry and have consulted for a number of companies in their efforts to maintain and become compliant. Unfortunately the challenges are not 'static' and they evolve ahead of the security technology at times. When that happens to companies who are doing a good job of trying to stay ahead of the curve it's a bummer but when it happens to a company that was not doing a good job or even the bare minimum to maintain security then they were simply asking for it. It isn't when are you going to get hacked, it's where have you already been hacked if you're a large company with credit data stored.

Still, the scope of this sounds very much like an inside job to me and all the PCI compliance in the world isn't going to stop an inside job if the insider was on the security staff or had administrative rights.

PCI compliance is actually a pretty good set of guidelines - compared to HIPAA which is really about recommendations and not requirements as I understand it. I'm starting to consult on HIPAA as well and finding it far less good.

HIPAA is the law and it is lame.

PCI is the industry and it is not lame. You want a simple law probably that says the data must be 'secure and private or else your organization is liable for the fraud.' Outside of that, like what HIPAA tries to do - the law should not outline the way it is done outside of saying using 'industry best practices designed to been the evolutionary curves of security breaches.'

Let a judge decide if they did their due diligence and if they did they did and if they didn't they are liable for all the consequences of not being diligent. In my opinion at least...
__________________
-The Mikester

I heart Boobies

Last edited by mikester; 12-22-2013 at 01:32 PM..
Old 12-22-2013, 01:28 PM
Bollweevil
 
Join Date: Dec 2003
Location: Fulshear, Texanistan
Posts: 3,363
Daughter shopped at Target several times during that time frame. She got a call last night from credit card company wanting to know if she was purchasing gift cards at Walgreens?
__________________
Jack
74 911 Coupe
2.7L - K21 Option - S suspension
Old 12-22-2013, 02:33 PM
Bollweevil
 
Join Date: Dec 2003
Location: Fulshear, Texanistan
Posts: 3,363
Quote:
Originally Posted by mikester View Post
Still, the scope of this sounds very much like an inside job to me and all the PCI compliance in the world isn't going to stop an inside job if the insider was on the security staff or had administrative rights.
That is the really worrisome part. Very difficult to stop that...
__________________
Jack
74 911 Coupe
2.7L - K21 Option - S suspension
Old 12-22-2013, 02:35 PM
Registered
 
Join Date: Oct 2005
Location: Capistrano Beach, Ca.
Posts: 7,235
Quote:
Originally Posted by mikester View Post
...(snip)...
Still, the scope of this sounds very much like an inside job to me and all the PCI compliance in the world isn't going to stop an inside job if the insider was on the security staff or had administrative rights.

You want a simple law probably that says the data must be 'secure and private or else your organization is liable for the fraud.' Outside of that, like what HIPAA tries to do - the law should not outline the way it is done outside of saying using 'industry best practices designed to been the evolutionary curves of security breaches.'

Let a judge decide if they did their due diligence and if they did they did and if they didn't they are liable for all the consequences of not being diligent. In my opinion at least...
Quote:
Originally Posted by 74-911 View Post
That is the really worrisome part. Very difficult to stop that...
Agree completely. However, we are talking about two different but related issues. One is the security of stored data by companies, the other is the ease of applying that data to individual cards. The ease with which cards can be counterfeited or compromised is the driving force behind attacks on data storage. The problem remains the archaic credit card system the U.S. employs. As long as thieves can easily commandeer a card because of the magnetic strip, there will be the incentive to hack into the systems for the information. Currently, the U.S. is the number one source for counterfeit/commandeered credit cards and that's why the thieves work to breach the system. If the Target breach was an inside job or not, the information would be useless (or significantly so) if the cards themselves could not be reprogrammed or pirated due to smart card technology and the thieves would be left with 40 million sets of useless data. More than likely, they wouldn't have attempted it at all because they would not benefit.
__________________
L.J.
Recovering Porsche-holic
Gave up trying to stay clean
Stabilized on a Pelican I.V. drip
Old 12-22-2013, 03:11 PM
Registered
 
mikester's Avatar
 
Join Date: Mar 2002
Location: My House
Posts: 5,346
The identity information is useful as well since they can use that to fraudulently apply for new credit lines.

__________________
-The Mikester

I heart Boobies
Old 12-22-2013, 04:47 PM