The breach at Target Corp. that compromised as many as 40 million payment card accounts, along with the personal information of about 70 million customers, was the result of hackers stealing electronic credentials from a vendor, the retailer reports.
Retail data breaches are growing. ISight Partners' Tiffany Jones, a researcher who helped the Department of Homeland Security prepare its report about malware attacks, offers new insight into the latest cyber-attacks.
While details surrounding a suspected breach at Michaels remain unclear, two U.S. card issuers say they believe the retailer was targeted by point-of-sale malware similar to what compromised Target and Neiman Marcus.
Representatives of the American Bankers Association, the National Retail Federation and the PCI Security Standards Council are among those slated to testify at a Feb. 3 Senate hearing on safeguarding consumers' financial data.
Arts and crafts retailer Michaels is looking into a possible data breach that may have led to fraudulent activity on U.S. payment cards. But experts disagree about whether there's a connection to the Target and Neiman Marcus attacks.
Cybercriminals exploiting weaknesses in how users employ passwords is a significant factor behind an increase in records exposed in breaches during 2013, says Craig Spiezle of the Online Trust Alliance.
When did the Neiman Marcus data breach occur? The retailer says it may have begun last July, but banking and fraud experts point to evidence that suggests the breach actually may have occurred a year ago.
Evidence is mounting that the breaches reported by Target and Neiman Marcus are part of a wider assault against U.S. retailers. Meanwhile, payment card-issuing institutions say they're taking proactive steps to keep fraud at bay.
Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks to a 17-year-old hacker in Russia, offers an exclusive, in-depth explanation of his company's findings.