Target is not alone: Neiman Marcus and others hacked

As the story keeps getting worse and worse for Target, attention may soon be shifting to other retailers as word comes out that the same attack methods may have been used on at least four other well-known retailers last month.

Early Saturday morning, the Chicago Tribune reported that high-end retailer Neiman Marcus was breached and that customer credit and debit card information was stolen. There are no specific details on the number of stolen records, or whether the same attack that was used against Target was used in this case, but it was confirmed that the attacks occurred in December and were identified on January 1st by an independent forensics team.

Even more scary? The Chicago Tribune has posted word that at least three other retailers have also been breached but information has not formally been released to the public. While sources have not provided much information, they believe the same group that attacked Target was involved. All of the unannounced retailers allegedly have outlets in malls, meaning Target's competitors such as WalMart and K-Mart are probably not involved.

Does this rash of security incidents shake your confidence in using credit and debit cards? Will American banks and retailers look into rolling out the more secure "chipped cards" that are used in Europe? Time will tell.

Source: Chicago Tribune (1 and 2) | Image courtesy of Chicago Tribune

36 Comments

There's no doubt in my mind there's a lot more companies (of all sizes) getting hacked than is being publicized, and a lot of them simply don't have the balls to come clean about it and are just hoping they can sweep these things under the rug. If they even know about these breaches in the first place.

Is the mandatory reporting of security breaches a federal law yet?

Like many others above, my bank and credit card alert me via text and email whenever there is any activity on my account - a deposit, withdrawal, purchase, of any amount triggers this. I was able to detect one fraudulent charge at a gas station thanks to these alerts. The charges were reversed and I received a new card, no questions asked. I don't think I'm bulletproof, but I feel relatively secure about this.

My greater concern is what this means for commerce in general. Last I'd heard, the cost of identity theft was up into the millions of dollars per year. I can feel fine about the bank reversing charges and returning money to my account so that it didn't cost me anything, but it cost someone: perhaps the bank, the vendor, an insurance fund, and/or a police investigation... and if it happens in large enough numbers then I'm affected, even if my bank account isn't touched. For that reason, I hope that there are some very serious efforts being made to secure these systems, or develop a successor that is more difficult to copy and manipulate.

"meaning Target's competitors such as WalMart and K-Mart are probably not involved."

Maybe not the K-Mart branch, but Sears has outlets in malls, and Sears = K-Mart.

Hmmmm. Paraphrase:

"We're not going to notify our customers that their card numbers were stolen unless we know they were used fraudulently afterwards."

Yeah that's how I interpreted that as well and that doesn't necessarily instill much confidence. The right thing to do is notify everyone who was affected so they can choose what action to take.

The good thing is that my bank provides FREE a service that when any transaction is made into my account I get an SMS and email in real time. So, in case I detect somebody odd I can report it and block it right at that moment and if it was not me the bank will cover the expenses... it's like insurance

anyways, nobody is safe, so I hope they stop using Windows XP

My confidence is not shaken. I bank with Navy Federal Credit Union and USAA. These two banks go above and beyond to take care of Veterans and family members in situations like these. I also use my American Express like a debit card and American Express swiftly takes care of all fraudulent charges.

It's why I have recommended Navy Federal Credit Union for all typical "banking" uses if you are in their field of membership (which is one of the widest among federal credit unions, as it now encompasses all of the US military, their families, most DoD civilians and THEIR families, and a lot of contractors and their families also). Part of the problem is that corporate America (in fact, most of corporate planet) hews heavily to "if it isn't broke, don't fix it" - the problem with THAT rubric is, when it breaks, it usually is with rather messy consequences. The rather embarrassing part of this is that the PIN/chip standard throughout most of Europe was developed here in the US (by a coalition that included both MasterCard AND VISA), but the ABA (American Bankers Association - the lobbying group of the US' largest commercial banks) balked over the implementation costs - and thereby put the NACU (National Association of Credit Unions - the lobbying arm of all of the credit unions in the United States) in a tough spot, as they supported (and still do) PIN/chip, but don't have the muscle the commercial banks do in terms of lobbying Congress (or the Treasury Department). It's also somewhat silly as the largest US commercial banks DO use PIN/CHIP overseas, and especially Citi (they were, in fact, one of the first banks to implement it anywhere). I can only hope that someone in the Treasury Department gets a clue and mandates PIN/CHIP for all credit/debit use (basically, a systemwide changeover - that is something that Treasury DOES have the power to mandate as they are lead regulator for all wire transfers). Enough is enough.

Nice post. It's also interesting to note that Target DID have chip cards around the turn of the century, but because no other retailers were adopting them, Target scrapped it too because it slowed down the checkout process. While some here may say, "That's stupid," from a business perspective why would you put yourself at an intentional disadvantage for something that most consumers won't even care about? You don't.

I do hope that changes now though.

Of all the banking institutions I've used, USAA is the only one I've had zero complaints about. At one point there was an issue and they overnighted a new card to me to minimize the inconvenience. If you can join, you should, they are awesome

Does this rash of security incidents shake your confidence in using credit and debit cards?

No. I bank with Chase and the one time my credit card was used fraudulently, they were all over it. Not hours after a pending charge hit, I got an email, text, and two calls before I called back and in about 10 minutes had a new card coming my way. Granted it's a small inconvenience, but I can deal with that.

Same here. I also have alerts on my account so if any money is taken out of my account, I get a text a few seconds after. A couple years ago there was a dollar charge to my account I didn't make. I got a call from Chase to inform me and I got a new card.

I can't stand companies who do the "as long as it works" ideal. I'd rather secure and enhance my content first, even if it takes longer.

recursive said,
And also quit using Windows of course.

Quit using any OS if it's never patched heh. Hell at that point just stop using computers, it's better for everyone else that way.

recursive said,

Or we could simply just switch over to chip based credit cards like the rest of the world has been using for 10 or so years.

You think if these things had Linux this wouldn't happen? Then explain how sites that use Linux have been hacked in the past? Clearly Linux is absolutely flawless in everything

Oh and by the way, Target uses Verifone POS (some are rebranded as target systems), and want to know what OS it uses? Wait for it...wait for it...oh it's Linux. And here I was thinking that only Windows could be hacked.

Even with chip based credit cards the data still has to be transferred right? I am not sure how that stops the data snatching.

I agree though. Windows, Linux, OSX - it ALL has its weaknesses and exploits. It seems like the companies can do a little more to secure their customers from theft. But that is just my opinion...

-Razorfold said,

Oh and by the way, Target uses Verifone POS (some are rebranded as target systems), and want to know what OS it uses? Wait for it...wait for it...oh it's Linux. And here I was thinking that only Windows could be hacked.

Linux junk... why am I not surprised this happened.

If it's an inside job then it hardly matters what software they use. You think this was just some script kiddie? Seems unlikely!

Scabrat said,
Even with chip based credit cards the data still has to be transferred right? I am not sure how that stops the data snatching.

I agree though. Windows, Linux, OSX - it ALL has its weaknesses and exploits. It seems like the companies can do a little more to secure their customers from theft. But that is just my opinion...

I don't know much about the technology tbh but I'm going to make a guess here and say it's way harder to try and snatch/read the data on the chip compared to the magnetic strip which anyone can do with a cheap scanner it seems.

There don't seem to be many details about how it was accomplished. I'm guessing they're not trying to give anyone ideas.

Doesn't help that companies don't like to (or won't spend the money!) to upgrade their systems. I used to work at RadioShack as of a few months ago, and guess what their servers and POS systems use...

...that's right. A mix of Windows XP and in some cases, WINDOWS 98. I wanted to kill myself working there... everything was ungodly slow and would randomly crap out.

mikesingh said,
Doesn't help that companies don't like to (or won't spend the money!) to upgrade their systems. I used to work at RadioShack as of a few months ago, and guess what their servers and POS systems use...

...that's right. A mix of Windows XP and in some cases, WINDOWS 98. I wanted to kill myself working there... everything was ungodly slow and would randomly crap out.

Our systems fail on a daily basis, it's very strange they have Office XP Enterprise, with only Word, Excel, PowerPoint installed for documents. They have Office 2010 Professional Plus but with only Outlook installed (only for emails). It confuses me so much.

mikesingh said,
Doesn't help that companies don't like to (or won't spend the money!) to upgrade their systems. I used to work at RadioShack as of a few months ago, and guess what their servers and POS systems use...

...that's right. A mix of Windows XP and in some cases, WINDOWS 98. I wanted to kill myself working there... everything was ungodly slow and would randomly crap out.

Dude, I think you're confused with Windows Embedded.

You're correct, Mr. XXIV, now that I think about it... my mind just kept remembering the Windows XP bootsplash every time I had to reboot those damn computers lol