Target Credit Card Breach's Origin? A Simple Phishing Email - Report
Human error: what a big mess it can make. New details in the credit card breach that hit Target stores over the holiday shopping season point to a phishing email sent to Target's refrigeration contractor as the staring point of the whole debacle.
Reporter and cybersecurity expert Brian Krebs once again has broken the Target credit card breach case wider open on his blog Krebs on Security, after previously narrowing down the digital break-in to the login credentials of a local heating, ventilation, and air-conditioning (HVAC) contractor.
Putting aside the idea that the people over at Fazio Mechanical -- an HVAC firm in Sharpsburg, Pennsylvania -- were involved in an international plot to commit one of the largest financial data thefts in history, Krebs' sources have pointed to a possible malware-laced email that an employee at Fazio Mechanical accidentally opened.
It appears the email malware was installed two months before the Target credit card data breach began, and once hacked, the malware stole the login credentials needed to get into Target's network. As they say, the rest is history.
Krebs says Fazio Mechanical has indeed been cleared of wrongdoing, writing, "there is no question that, like Target, Fazio Mechanical was the victim of cybercrime." But that doesn't mean the HVAC company is not partially responsible. According to Krebs, while the company said it was in "full compliance with industry practices," the company wasn't exactly tough on malware in its networks. It was running a free version of Malwarebytes Anti-Malware, which doesn't offer real-time protection against viruses. For that, you need to shell out $25.
Like the case for immunization, this is another example of why it's important for everyone to protect their computers and networks from viruses - being lax on malware may just affect you, but it might end up snowballing into a case where over 100 million people have their data end up for sale on the black market on the other side of the world.
Target's credit card breach was one of the largest publically known cybercrimes in history. An estimated 40 million Target customers' credit card numbers and security codes were exposed between Nov. 27 -- days before the Black Friday shopping rush -- and Dec. 15, 2013. An additional 70 million customers' personal information, like names and emails, were later found to be exposed by the breach as well.
And other retailers seem to have been affected, too. Neiman Marcus confirmed that 1.1 million customers of their stores had their card information exposed, and at least five other unnamed retailers have been added to the case. The FBI has told all U.S. retailers that they are also at risk, as more attacks are presumed to be ongoing.
Possibly stemming from one act of human error -- opening a suspicious email when we all (should) know not to -- the rash of cybercrime at retail stores has become a big enough problem that Congress has held hearings and the Obama Administration has decided to act, in order to upgrade consumer credit card technology to hopefully fend off more data theft.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!