Target Already Feeling the Aftermath


2013 roared to a close on the strength of one of the biggest data breaches in history, leaving tens of millions Target customers left frustrated, anxious and angry in its wake. They should be: it’s their private payment information and personal data that was compromised while doing their holiday shopping. Even though that number is huge, and the resulting losses could become painful for any one of them individually, Target will be the one standing to take the single biggest monetary hit as a result of this big mess.It could be a record setter, but it will take months and more to tally the full effect of the initial breach and its aftermath. Surviving and recovering from that breach is going to take some deft maneuvering and it’s going to tap a lot of resources, but it will take everything they can muster to regain lost trust and rebuild the confidence of the consumers they depend on. A ten figure range is certainly not farfetched.

Target’s already started with plans to offer customers affected by the breach a year of free credit monitoring and fraud protection, but there is a long, costly road still ahead. And they will not be on that road alone. Since the Target breach was officially announced, Niemen Marcus came forward about a similar breach they suffered, and smaller breaches at three other well-known retailers are also being investigated.

Since the attack, it has been revealed that hackers used an exploit kit called Black-POS (for Point-of-Sale), a RAM scarper that intercepts information while it is being processed in a system’s RAM memory in its unencrypted state. Black-POS is a bit of software that just about anyone can get their hands on — it costs around $1800. That is a TINY investment considering the risk to the attackers (practically none) and the potential payoff. RAM scrapers have been around for a long time, but with these incredible successes, more attempts to cash in old-school loom large. 2014 will surely see more attacks — from down and dirty Ram scrapers to incredibly sophisticated ZeroDay malware that the security industry can barely speculate on.