Target’s e-billing data breach costs have climbed to over USD 220 million!

Hackers uses e-billing system connection to steal credit card data from 110 mln customersComputerWeekly.com mentioned in this post that US retailer Target has agreed to an $18.5m settlement with 47 US states and the District of Columbia over its 2013 data breach that affected tens of millions of customers.

The settlement comes on top of the $202m Target has spent on legal fees and other costs since the breach, according to the company’s most recent annual statement.

What happened at Target’s?

Cyber attackers stole the payment card data of more than 41 million customers as well as the contact information of more than 60 million customers.

Thorough investigation showed that that cyber criminals had gained access to Target’s gateway server using credentials stolen they stole from a heating, ventilation and air conditioning contractor in November 2013.

This contractor was connected to Target’s systems to provide electronic billing services, contract submissions and project management services.

Once on the gateway server, the cyber criminals were then able to exploit weaknesses in the IT system to access a customer service database and install data stealing malware, stealing data such as  customers’ full names, phone numbers, email addresses, home addresses and payment card data such as expiration dates, encrypted security codes and encrypted PINs.

Read the entire article here


Related posts


Comments are closed.