US high-end fashion chain Neiman Marcus admitted last week that it is the latest in the retail sector to have suffered a security breach, potentially putting customer debit and credit card numbers at risk. The announcement coincided with the revelation that the recent Target breach was larger than expected, compromising as many as 110m of its US customers.
Some analysts insist that there were even more retailers who were breached over the holidays, who have yet to come forward.
On 10 January, Krebs on Security reported that Neiman Marcus has teamed up with the US Secret Service and a forensics firm to investigate a December data breach. The retailer has yet to disclose how many customers may have been affected by the hack, though it said via Twitter it has been notifying shoppers whose card information was ‘used fraudulently’. Neiman Marcus said in a statement that it has “begun to contain the intrusion” and it is taking “significant steps” to enhance its security.
Target, meanwhile, admitted that its breach – which compromised customers’ names, credit and debit card numbers, expiration dates, encrypted personal identification numbers (PINs) and card verification value (CVV) codes – also exposed mailing addresses, phone numbers and email addresses of 70m customers. It later adjusted the number to 110m. This admission came about three weeks after the retailer’s initial acknowledgment that 40m of its customers had been affected by the breach.
Although there is no proof that the breaches were related, Reuters reported that Neiman Marcus and Target were not the only retailers hit over the holidays. Sources told Reuters that at least three other major retailers incurred smaller breaches, and the attackers used similar tactics to the ones used in the Target hack. Additionally, similar attacks may have occurred earlier in 2013.
One source believes that the hackers used a ‘RAM scraper’, which is a Trojan that allows a hacker to steal encrypted data that appears in plain text as it moves through the live memory of a computer. Visa published alerts in April and August about such memory-parsing malware. However, the RAM scraping attack on Target is believed to have been more sophisticated than the ones Visa warned about, so even if the retailer heeded Visa’s advice, it might not have mattered.
Additionally, another source told Reuters that the memory-parsing attacks were not the only types of attacks that hackers used.
Avivah Litan, security analyst for Gartner, said that she has learned of another set of breaches that dates back a few months before the Target breach. “Target was not the only retailer who got hit, but they got hit the biggest,” she said.
Litan added that the attacks launched before the Target breach were most likely trial attacks that helped the hackers perfect their techniques.