The latest breach isn’t Target’s first breach it turns out. Back in 2005 they were compromised as well. If this report is true many retailers have not upgraded to modern security on their front ends in over 10 years. If this is true the big box stores are going to have serious problems for quite some time.
A gang of shadowy hackers tears through the systems of big-box retailers, making off with millions of credit and debit card numbers in a matter of weeks and generating headlines around the country.
Target and Neiman Marcus in 2013? No: This oh-so-familiar attack occurred in 2005.
That’s when Albert Gonzalez and cohorts – including two Russian accomplices — launched a three-year digital rampage through the networks of Target, TJ Maxx, and about half a dozen other companies, absconding with data for more than 120 million credit and debit card accounts. Gonzalez and other members of his team were eventually caught, and he’s now serving two concurrent sentences for his role, amounting to 20 years and a day in prison, but the big-box breaches go on.
The latest string of hacks attacking Target, Neiman Marcus, and others raise an obvious question: How is it possible that nearly a decade after the Gonzalez gang pulled off their heists, little has changed in the protection of bank card data?
Target got off easy in the first breach: A spokeswoman told Reuters that only an “extremely limited” number of payment card numbers were stolen from the company by Gonzalez and his gang. The other companies weren’t as lucky: TJX, Hannaford Brothers grocery chain, the Dave & Busters restaurant chain, Office Max, 7-Eleven, BJ’s Wholesale Club, Barnes & Noble, JC Penney, and, most severely, Heartland Payment Systems, were all hit hard.
This time around, if past is prelude, Target will be forced to pay out millions in fines to the card companies if it’s found that the retailer failed to properly secure its network, as well as pay reparation to any banks who had to issue new cards to customers. In addition, class-action lawsuits are already being filed against Target by customers, and lawmakers are lining up to make an example of the retailer.
But Target’s latest misfortune should have come as a surprise to no one — least of all to Target itself. The security measures that it and other companies implement to protect consumer data have long been known to be inadequate. Instead of overhauling a poor system that never worked, however, the card industry and retailers have colluded in perpetuating a myth that they’re doing something to protect customer data — all to stave off regulation and expensive fixes.
“It’s a big failure of the whole industry,” says Gartner analyst Avivah Litan. “This is going to keep getting worse, and this was totally predictable a few years ago and no one did anything. Everyone got worked up, and no one did anything.”