Target Says Shopper PIN Data Stolen in Breach

Dec. 27 (Bloomberg) -- Parameter Security Founder Dave Chronister and Shape Security’s Michael Coates discuss the latest revelation from Target regarding PIN data being stolen during the breach. They speak to Jon Erlichman on Bloomberg Television’s “Bloomberg West.” (Source: Bloomberg)

What exactly is Target telling us?

Unfortunately, we are seeing a huge rise in cyber crime attacks on retailers.

Target has been breached.

They have credit card data that has been stolen.

They have put debit card data that was stolen.

The latest information is that encrypted PINs were stolen.

In theory, the encryption should work if everything is done correctly, but there's a lot of devil in the details.

These breaches happen for a reason -- there was a weakness.

That same type of thinking or weaknesses could be present in the way they did their encryption as well.

PINs compromised but encrypted -- what do you think of that?

I would totally agree.

Just to say that it is encrypted is not enough.

Is the algorithm unique for this system?

We have had other cases where passwords, e-mails have been encrypted, and it used a common encryption, and it would be very easy for someone to do an attack against that.

Just to say it is encrypted -- again, like Michael said, the devil is in the details.

Is it a unique encryption?

A lot of times, these cases pop up, and you can only point to that one for the news of the day, and it is hard to connect all the dots, but there have been similar attacks or data breaches like this one.

Barnes & Noble, I believe, had something similar.

Just last year, Barnes & Noble had an attack where hard data was stolen from the store.

Attackers went into 63 different stores and modified the PIN device itself to physically steal the information that was entered.

What ultimately happened?

For people wondering what will happen with this Target story, what happened with Barnes & Noble?

In these situations, there is a risk to customers.

Banks can take care of credit card fraud.

The end-user, the customer, is not at times of risk, but for debit card fraud, we have a different story because that money is being withdrawn from that account, and that can be tough for them to file complaints and get the money back.

Banks are taking proactive action.

Just a few days after Target released this information, Chase lower the amount that could be used or cash withdrawal and debits -- Chase lowered the amount.

That's a pretty bold statement at the height of Christmas season.

David, let me get you back in this conversation.

How is Target in a position to make a comment like this, feel confident in saying this user data is safe and secure when, to the rest of us observing this, it really does not seem that clear that that is the case?

Again, a lot of us looking on the outside do not have all the information.

Maybe the actual intrusion was found, and it may have been on the servers, and they have not found it at the POS system itself.

There's a lot of information we do not see.

One thing I would bring up -- we talk about Barnes & Noble, we are talking about Target -- 98% of all attacks are not even discovered.

We have to understand that it is not just these that got caught.

This is the world we are living in until we move to smart chip technology.

We are trying to put a band-aid on a hemorrhaging wound.

Coming back to Michael, failing this push to smart card technology, you've got the retailers, you've got Amazon, which is holding huge amounts of data on behalf of people right now, you've got the rise of new payment systems, and you put all these together, and there are a lot of unknowns.

It's a very complex system, and at the end of the day, there is valuable data in these systems -- user data, credit card data, money.

We have cyber criminal organizations that are intelligent.

They are advanced.

They are targeting all these things.

When you think about what they are doing, they are distributing these attacks against all these systems to cause damage ultimately to pull out money because it is a full underground business.

Right now, you can purchase the compromised Target credentials for around $30 on the black market.

Before we go, if you were somebody shopping at Target during the holidays, what do you do?

Watch your credit cards.

Make sure that you do not see

This text has been automatically generated. It may not be 100% accurate.
