I finally got around to reading this fascinating report by Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack for Bloomberg Businessweek. This goes far beyond other media coverage about how Target “missed” or “ignored” FireEye alerts and really gives more details of how the breach occurred.
Category: Malware
Security firm report says Target data hack was low tech
Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Notice of Data Security Event – City of Pleasantville, New Jersey
On October 8, 2013 the City of Pleasantville (“Pleasantville”) discovered that a computer used by a Pleasantville employee was infected with malware. Pleasantville commenced an internal investigation into this incident. Pleasantville retained independent, third-party forensics experts to confirm the extent of this malware intrusion and to assist in remediating the issue. Pleasantville retained privacy and…
Thieves Jam Up Smucker’s, Card Processor (update 1)
Brian Krebs reports: Jam and jelly maker Smucker’s last week shuttered its online store, notifying visitors that the site was being retooled because of a security breach that jeopardized customers’ credit card data. Closer examination of the attack suggests that the company was but one of several dozen firms — including at least one credit card processor — hacked…
Detroit reports recent computer security breach affects city workers (updated)
Associated Press reports: Detroit says a recent computer security breach affected files that contained personal identifying information of a large number of city employees. The city says in a statement that Beth Niblock, Detroit’s chief information officer, plans to discuss the breach during a Monday news conference. Read more on ABC. I’ll update this post…
More details emerge on 80sTees breach disclosed in 2013
Back in April 2013, 80sTees (80sTees.com) notified a number of state attorneys general that their customer payment card data had been compromised. According to reports to New Hampshire, Vermont, Maryland, and California: on January 29, 2013, the Pennsylvania-headquartered firm was asked by Discover to examine their system after suspicious charges were noted on customers’ cards following purchases…