Credentials stolen from a Target vendor were used to gain access to the retailer's computer systems and steal millions of card accounts.
“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system,” wrote Target spokesman Molly Snyder in an email, adding the retailer had already removed the malware from its system.
The report echoes what the FBI reported in a confidential report to retailers earlier this month, which said even malware that can infect POS terminals to steal data generally still needs help to infect computer systems. In order for such a malware package to get onto a system, the FBI wrote, it must first enter through a more conventional security breach such as a one exposed in a successful phishing attack or conventional compromise of a website.
This suggests the best way to prevent sophisticated data theft attacks may be to double down on familiar types of internet security, such as not opening email from unknown people. The loss of credentials should also be reported immediately.
But as familiar as those precautions may be, one credit union security executive pointed out that while driving, people have long known they are supposed to signal changing lanes, but many do not.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
