- CyberCrime Center
January 8, 2014
Suddenly Target has become one of the most aptly named companies in the world as attorneys general from four states (and counting) and three class-action lawsuits (and maybe more down the road) take aim at the retailer.
Connecticut, Massachusetts, New York and South Dakota have requested information about the breach. And two class action suits have been filed in California with an additional one filed in Oregon. Two of the suits are seeking damages in excess of $5 million.
Brian Krebs on KrebsOnSecurity.com notes, “Credit and debit card accounts stolen in (the Target breach) … have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card.”
For a time, to mitigate damage to the company’s reputation, Target offered customers a 10% discount in its approximately 1,800 U.S. stores, but there was no mention of a discount for customers of Target’s 124 Canadian outlets. What’s with that? Eh? Additionally CEO Gregg Steinhafel said the company would provide free credit monitoring for at-risk customers.
Mike Snider in his piece on usatoday.com quoted Daren M. Orzechowski, a New York-based intellectual property attorney with White & Case LLP, noting that “With these data security breaches, there’s usually the question of consumer confidence and trust. They [may] feel they need to do more to try to preserve consumer confidence.”
Columbia Law School professor John Coffee told Snider, “We do not yet know if Target was negligent or whether these were very skillful hackers who could have penetrated any system–but those critical factual issues seldom slow the race to the courthouse.”
In addition to states’ attorneys general and lawyers bringing class-action suits, the U.S. Secret Service is also investigating the breach, the second largest for a retailer in U.S. history, the first involved retailer TJX in 2005.
Snider reports that the breach might spur the adoption of smart cards, which instead of a magnetic strip on the reverse side, have digital chips that create a unique code every time a card is used. Of the cards currently in use, Mallory Duncan, general counsel at the National Retail Federation notes, “We are using 20th century cards against 21st century hackers.”
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Botnets, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Cyber Warfare, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud