Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Target, Neiman Marcus – How Many Retailers Were Really Breached?

January 14, 2014

According to a Reuters story, there are more breaches to be revealed. After Target revealed that its breach may have impacted as many as 110 million customers and Neiman Marcus reported that an unknown (as yet) number of customers had been affected by its data breach, it appears that at least three more retailers have breaches yet to be publicly disclosed. The techniques used were similar to those used at Target.

You'll be shocked (shocked!) to hear that law enforcement sources suspect the ring leaders of the attack are based in Eastern Europe.

One of the pieces of malware they used was something known as a RAM scraper, or memory-parsing software, which lets cyber criminals grab data that is encrypted on disk and on the wire by capturing it as it passes through the live memory of a computer, where it briefly appears in plain text. Visa issued two alerts last year about a surge in cyber attacks on retailers that specifically warned about the threat from memory-parsing malware.
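The practical consequence of that paragraph is that "encrypted" is not the same as "never in the clear": a forensic examiner or a retailer's own security team can check whether unprotected card data is resident in a point-of-sale process by scanning a memory dump for track-2-shaped records that pass the Luhn check. The following is an added example, not code from this post, from Reuters, or from Visa's alerts; the byte buffer is constructed to look like a fragment of process memory and uses a well-known test card number rather than any real account, and the `find_track2` function and its field names are assumptions for illustration.

```python
import re

# Constructed sample of what a PoS process's memory might contain.
# 4111111111111111 is a public test number, not a real card.
SAMPLE_MEMORY = (
    b"\x00\x00receipt_buffer\x00"
    b"4111111111111111=25121010000000000000"   # track-2 shape, Luhn-valid
    b"\x00\x00log: tx ok\x00"
    b"1234567890123456=25121010000000000000"   # track-2 shape, fails Luhn
    b"\x00padding\x00"
)

# Track 2 layout: PAN (13-19 digits) '=' YYMM expiry, 3-digit service code, discretionary data.
TRACK2_RE = re.compile(rb"(\d{13,19})=(\d{4})(\d{3})(\d*)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_track2(buf: bytes) -> list:
    """Scan a memory buffer for plaintext track-2 records.

    Only Luhn-valid PANs are reported, which filters out most random digit
    runs. The PAN is masked in the result so the triage report itself does
    not become another copy of the card data.
    """
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if not luhn_ok(pan):
            continue
        masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
        hits.append({
            "offset": m.start(),
            "masked_pan": masked,
            "expiry": m.group(2).decode(),
        })
    return hits


if __name__ == "__main__":
    for hit in find_track2(SAMPLE_MEMORY):
        print(f"offset {hit['offset']}: {hit['masked_pan']} exp {hit['expiry']}")
```

Run against a real dump, the same function would take the file's bytes instead of `SAMPLE_MEMORY`; any hit is evidence that card data sits unprotected in memory on that terminal, which is exactly the window the memory-parsing malware exploited, and is a reason to favour point-to-point encryption in the reader hardware so the PAN never reaches the PoS application in the clear.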

Retailers rarely come forward willingly when they've been breached for fear of harming their business. Target only acknowledged its 2013 attack after security blogger Brian Krebs reported the breach, prompting inquiries from journalists and investors.

Neiman Marcus said an outside forensics firm discovered evidence on January 1 that indicated that it had been the victim of a cyber attack. It disclosed the breach nine days later, after another inquiry from Krebs, who was following up on reports about a surge in fraudulent charges traced to the retailer. Gotta love Krebs. I've terriers less persistent in hunting rats. A fitting image for Krebs . . .

Target and J.C. Penney waited more than two years to admit that they were victims in 2007 of notorious hacker Albert Gonzalez, who was accused of masterminding the theft and reselling of millions of credit cards and ATM numbers.

Doug Johnson, vice president of risk management policy with the American Bankers Association, said banks and credit card firms like Visa are forbidden from naming merchants that have been breached, unless they disclose it themselves. This was news to me.

And this is why we need a federal data breach law with teeth.

http://twitter.com/sharonnelsonesq