The recent data breach at Target and earlier on the US credit rating agencies is not unique. Over the past year, JPMorgan Chase, Citigroup, and other financial companies have reported breaches that have potentially put the financial information of tens of millions of consumers at risk.
The breaches at retailers, banks and other companies have been caused by a variety of attacks, including malicious software and credit card hackers who seek to “phish” for consumer data by tricking them into providing their credit card information and other personal data. Phishing attacks, which have been on the rise in recent years, often take the form of a fake email or website, which purports to be from a legitimate source that a consumer knows, like a bank or retailer. The consumer opens the email or visits the site and unknowingly gives up personal information.
Many security experts believe the Target breach was caused by a malicious software program that allows hackers to gather consumer data as it is being transmitted to the retailer’s computers.
In many cases, once hackers get a hold of credit card information they sell it on the black market. In other cases, they use the cards themselves to make purchases and launder the money through illegal operations.
But in the Target case, the cyber thieves had more in mind than just making money, said Ed Stroz, president of Stroz Friedberg, a firm that specialises in helping companies investigate breaches.
“This was purely a crime of opportunity,” Stroz said. “It was purely about stealing the data. They didn’t care about using the cards to make purchases.”
The hackers quickly sold the data to other criminals, Stroz said.
“The data is the commodity here,” Stroz said. “What they were doing was harvesting the data and then selling the data off in bits and pieces, to other cyber-criminals, who will then use it to commit fraud.”
The frequency of these types of attacks is increasing, he said.
“The cost of stealing data has gone down dramatically in the last few years,” Stroz said. “The amount of data that you can steal from a company has gone up. And the value of that data has gone up dramatically.”
Target’s sales plunge as shoppers stay away
Retailers, banks and other companies are doing a better job of protecting their computer systems, Stroz said. But the hackers are getting more sophisticated, too.
“You’re going to see more and more of these attacks as time goes on,” he said.
Target said that it had so far spent $61 million on the breach. The company will likely have to spend more on the breach, including legal fees and higher credit card transaction processing fees. Target’s stock, which is down about 15% since the breach was disclosed, dropped another 1.2% on Tuesday.