Target Admits Data Breach May Have Up To 110 Million Victims 213
Nerval's Lobster writes "Retail giant Target continues to drastically downplay the impact of the massive data breach it suffered during December, even while admitting the number of customers affected is nearly twice as large as it had previously estimated. Target admitted today the massive data breach it suffered during the Christmas shopping season was more than twice as large and far more serious than previously disclosed. A Jan. 10 press release admits the number of customers affected by the second-largest corporate data breach in history had increased from 40 million to 70 million, and that the data stolen included emails, phone numbers, street addresses and other information absent from the stolen transactional data that netted thieves 40 million debit- and credit-card numbers and PINs. 'As part of Target's ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach' according to Target's statement. 'This theft is not a new breach, but was uncovered as part of the ongoing investigation.' The new revelation does represent a new breach, however, or at least the breach of an unrelated system during the period covered during the same attack, according to the few details Target has released. Most analysts and news outlets have blamed the breach on either the security of Target's Windows-based Point-of-Sale systems or the company's failure to fulfill its security obligations under the Payment Card Industry Data Security Standard (PCI DSS)."
Re:Target needs to be sued (Score:4, Insightful)
Negligence perhaps, but where's the conspiracy that applies to fraud? Are you saying that target is the benefactor of the said breech?
Really, the companies in the states are just starting to roll out chip&pin like the rest of the world, while not a perfect system by any stretch, it's a hell of a lot better than magstrip only. If you're going to go negligence, I'd start right at the top with the CC companies who've been dragging their feet for the last 5 years.
Re:Target needs to be sued (Score:5, Insightful)
By the major credit card companies for gross negligence and conspiracy for fraud.
No, the major credit card companies need to be sued by the entire US population for setting up the entire credit card processing system in this nation to be a sick a security joke. A plaintext number embossed on a plastic card available for every restaurant waiter to jot down? Give me a break.
The only piece of sensitive info used during a credit card transaction should be a private key that stays inside in a tamper-resistant chip embedded inside my credit card. Everything else should be encrypted, and not even seen by parties such as waiters or Target.
Re:That's the whole country (Score:5, Insightful)
Snowden didn't have any "revelations". The revelations were that there's a spy agency that (wait for it) spies on people.
I normally like and agree with your posts, but here you are pretty far off-base.
what snowden taught us is that the nsa is totally out of control and going WAY beyond their charter.
yes, that is information we did not have before and its powerful information.
Re:Am I the only person who doesn't care anymore? (Score:4, Insightful)
I care, but I don't think there's anything I can do about it. Until we stop waiting for the "free market" to come up with a solution and regulate better credit card security, nothing will change. Vendors are just going to roll the dice and hope nothing bad happens. I consider myself very caution and I've had 3 fraudulent uses of my card 3 times already (thankfully the bank didn't charge me).
Re:That's the whole country (Score:4, Insightful)
Yes, let's just give up and go back to checks -- nobody ever committed fraud with those!
I like a reductio ad absurdum as much as the next guy, but I think a better response would be to forward to something more secure. I'm sure you or any other Slashdotter could think of something clever, but at the very least we could do what every other country does and put security chips in the credit cards. [wikipedia.org]