Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
How Target missed security warning signs: Businessweek
NEW YORK (3/14/14)--A team of security specialists. A $1.6 million malware detection tool. Compliance with payment card industry (PCI) standards. With these tools in place, retail giant Target still suffered one of the biggest data security breaches late last year.
According to a report in Thursday's Bloomberg Businessweek, Target didn't react to the red flags that went up--resulting in the compromise of more than 40 million credit and debit card numbers and 70 million addresses, phone numbers and other personally identifiable information.
The hackers' activity was detected Nov. 30 not only by the malware detection tool from FireEye but by security specialists in Bangalore. "Had the company's security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happed at all," Businessweek wrote.  
The Target data breach cost credit unions an estimated $30.6 million, according to a survey by the Credit Union National Association (CUNA), and future fraud could increase these costs. Credit unions are among the plaintiffs in more than 90 lawsuits that have been filed against Target.
In an email to Businessweek, Target Chairman/President/CEO Gregg Steinhafel stated, "Target was certified as meeting the standard for the payment card industry in September 2013. Nonetheless, we suffered a data breach ...  we have already taken significant steps, including beginning the overhaul of our information security structure and the acceleration of our transition to chip-enabled cards."
CUNA has asked Congress to address data security relative to merchants, who are not held to the same standards of security as financial institutions. In particular, CUNA suggests all payment system participants are held to comparable levels of federal data security requirements; those responsible for the data breach are responsible for the costs of helping consumers; and ensuring consumers know where their information was breached.
The stream of consumer data continues to flow from companies that hold the information of millions of people. Earlier this week, KrebsOnSecurity reported that 200 million consumer records held by Experian had been compromised (March 10).
The information was siphoned from Experian, one of the three major U.S. credit bureaus, through a company it had purchased in 2012. That company--Court Ventures--had an agreement to share consumer information with US Info Search and vice versa.
Through his connection with Court Ventures, Hieu Minh Ngo, a 24-year-old Vietnamese national, allegedly allowed customers of his identity-theft service to access the data.
In the transcript of Ngo's guilty plea in New Hampshire District Court, investigators found that his customers made about 3.1 million inquiries on American consumers over 18 months.
KrebsOnSecurity wrote, "At this point the government does not know how many U.S. citizens' [personally identifiable information] was compromised, although that information will be available in the near future," according to U.S. Attorney Arnold Huftalen.
Other Resources


News Now LiveWire
Construction spending drops in January, according to @CommerceGov #Market #NewsNow
13 hours ago
During Nat'l Consumer Protection Week, @TheNCUA reminds #CU members of agency resources re: rights as consumers.
14 hours ago
.@TransUnion: #millennials climbing into driver's seat with loans
15 hours ago
Breaking at #NewsNow: @CUNA backed bill introduced by @RepEdRoyce @GregoryMeeks would raise MBL cap. #CUSmallBiz
16 hours ago
Loan growth at federally insured #creditunions in 2014 climbed to highest level since 2005, @TheNCUA reported today. Watch News Now Tues.
17 hours ago