Security Update: Once More Into the Breach

U.S. Senators Jay Rockefeller and Claire McCaskill sent a letter to Target CEO Gregg Steinhafel, requesting that he brief the Senate Commerce, Science and Transportation Committee and explain how information from more than 70 million customer accounts was stolen.
"It has been three weeks since the data breach was discovered and new information continues to come out," they wrote in the Jan. 10 letter. "We expect your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the committee with detailed information."

A Target spokeswoman told the Minneapolis Star Tribune that the company had received the letter and was "continuing to work with them and other elected officials to keep them informed and updated as our investigation continues." She did not say when Target officials might meet with Commerce Committee members.

Separately, Target announced that it's providing $5 million to support a new cybersecurity coalition that will educate the public on the dangers of cybercrime and phishing scams. The National Cyber-Forensics & Training Alliance, National Cyber Security Alliance and Council of Better Business Bureaus will partner with Target to facilitate the program, which Target hopes will increase the public's awareness about cybersecurity.

Mallory Duncan, general counsel of the National Retail Federation, told Reuters that the trade group encouraged its members to upgrade to the higher-security cards even though they cost more than old systems that store data on magnetic stripes. He said the breaches were unfortunate but not entirely surprising and called for stricter security standards.

Neiman Marcus has not revealed any more details regarding its data breach following the Jan. 13 revelation that customer accounts had been compromised, but the incident has raised growing concern that additional retailers may have been affected, as the scope and complexity of the operation have yet to be discovered.

The topic of security was on everyone's mind at Retail's BIG Show this week. So awful was the security breach at Target — and the subsequent news of Neiman Marcus' — that the subject was mentioned in hushed tones, met with shaking heads or a sharp intake of breath.

"The level of sophistication, this was Ocean's 11-like sophistication," said Greg Buzek, founder, IHL Consulting Group. "I'm just glad it's not me. It's been a rough few weeks for those of us who care about retail."

FierceRetail's Nicole Marie Melton spoke with Neal Maguire, senior consultant of investigative response at Verizon about the security breaches and what can be done to secure customer data:

We're the forensic investigators, so when our customers have a security breach we get brought in to conduct forensic investigations to get an understanding of the scope, magnitude, duration and impact of the security breach and what the attack vectors were that were leveraged by the criminals to get access to sensitive data. We then get an understanding in terms of what the steps are to contain the effects of the breach so that the organization is secure going forward and that data is not exposed to compromise.

For more see:
- The Aftermath of A Data Breach: What To Do Now?
- This Reuters article
