Brian Krebs gets the scoop again: Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now tell KrebsOnSecurity that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a…
Category: Malware
Target security breach lasted longer than previously thought
David Rothberg reports: A Target Corp. official told a Senate committee that a massive security breach affecting up to 110 million holiday shoppers lasted three days longer than previously thought. Chief Financial Officer John Mulligan disclosed the latest information in written testimony at a hearing Tuesday before the Senate Judiciary Committee, which is considering ways to protect consumers’…
Target faces second credit union class action lawsuit
David Morrison reports: A second credit union has filed a legal complaint against Target over losses it said it sustained as a result of the firm’s card data breach late last year. The $38 million First Choice Federal Credit Union, headquartered in New Castle, Pa., filed its complaint in the U.S. District Court for the Western District…
Analyst sees Target data breach costs topping $1 billion
Tom Webb reports: Two months into the Target security breach, fraud is turning up on 10 percent to 15 percent of the stolen card accounts, a security specialist says. Based on that brisk level of criminal activity, one Wall Street analyst estimates that perhaps 5 million of the 40 million stolen credit and debit cards…
ChewBacca Malware Stole 49,000 Payment Card Details in 11 Countries
Mary-Ann Russon reports: Security researchers have discovered that a piece of malware named after the Star Wars character Chewbacca has been used to steal payment card and personal information 49,000 payment cards stored by 45 retailers in 11 countries. Details from the payment cards were stolen from 24 million payment card transactions over two months,…
Update: Neiman-Marcus reports breach involved two related malware insertions
In a letter dated January 25 to the New Hampshire Attorney General’s Office, retailer Neiman-Marcus disclosed some additional details concerning the breach and their attempts to address consumer concerns. As previously reported, in mid-December, Neiman-Marcus learned from its merchant processor of unauthorized payment card activity following purchases at Neiman-Marcus stores. On January 1, Neiman-Marcus learned,…