There's also the possibility that someone walked out with the information on a USB drive

Dec 20, 2013 12:53 GMT

On Thursday, retail giant Target revealed that it had suffered a data breach in which 40 million payment cards might have been compromised. All those who used their credit cards at Target stores in the US between November 27 and December 15 are impacted.

There’s an ongoing investigation into the matter, so Target and law enforcement authorities are not providing any details on how the attackers managed to pull off such a major operation.

While many people agree that cybercriminals used a piece of malware to exfiltrate the information, it’s uncertain whether it was installed remotely or by a malicious insider.

“Given that Target has instituted so many security controls, I’d be very surprised if the breach occurred because malware was installed on POS devices or in local store systems. My guess is that the data was stolen from Target’s switching system for authorization and settlement,” noted Avivah Litan, vice president and distinguished analyst in Gartner Research.

However, Litan says she’s not convinced that the attackers inserted the malware remotely. It could have been the work of an insider, as in the case of the Heartland Payment Systems breach, in which a call center employee copied information onto a USB drive every day.

Security experts cited by The New York Times also support the insider theory. They believe that an employee could have planted the malware.

On the other hand, cybercriminals from a remote location might have tricked an unsuspecting staff member into opening an attachment or clicking on a malicious link.

Target noted that the attackers gained access to names, credit and debit card numbers, card expiration dates and CVVs.

It remains to be seen how the company handles the incident. As Avivah Litan points out, Target faces fines, class actions and other penalties from credit card issuers.