Data Security

A group known as the Syrian Electronic Army claimed over the weekend it hacked eBay and PayPal websites. Mashable broke the story on Saturday, and now Ars Technica is reporting on claims that the group intercepted sensitive email from eBay employees while they were investigating the incident. The EcommerceBytes Blog noted on Saturday that eBay users in the U.K. saw the group's logo on what appeared to be the eBay U.K. homepage on the day of the breach.

Target, which suffered a massive data breach during the holiday shopping season, is speeding up a $100 million program to implement the use of chip-enabled smartcards to protect against cyber theft, a senior company executive said. In an opinion piece on Monday in The Hill newspaper on the eve of his much-awaited appearance before the Senate Judiciary Committee, Target Chief Financial Officer John Mulligan said the retailer's goal was to have the technology in place by early 2015, more than six months ahead of schedule.

The Direct Marketing Association (DMA) yesterday sent a letter to Congress restating its long-standing commitment to ensuring the security of consumer data across the entire data-driven marketing economy. The letter states, in part:

This past January, as I've done for the past five years or so, I trekked into New York City's Jacob Javits Convention Center for the National Retail Federation's (NRF) Big Show. I was met, as I was in past years as well, by retailers from around the world. I spent time at this year's conference attending presentations and press conferences; meeting and interviewing retail industry execs in the press room; and walking the vast exhibit hall floors trying to find the "next big things" in retail technology. Here are a few of my takeaways

Q: "I sell merchandise on eBay and via my own site, and have much better sales on eBay. How can I convert those eBay buyers to purchase on my website?"

Target said cyberthieves stole credentials from one of the retailer's vendors in order to access its system, according to an ongoing forensic investigation into a data breach that may have exposed information from as many as 110 million customers. The company said that since disclosing the hack Dec. 15, it cleared its system of the malware that had been planted. "In addition, since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues," Target spokeswoman Molly Snyder said in a statement Wednesday.

U.S. banks have spent more than $153 million so far replacing 15.3 million debit and credit cards after the huge data heist from Target Corp., and the numbers are only growing. The Consumer Bankers Association announced the numbers Tuesday, saying that as more retailers announce breaches, the price tag for banks could grow to “hundreds of millions of dollars, and possibly billions.” It’s time for Target to step up to the plate and pay some of the costs for one of the largest data thefts recorded in the United States, the industry group said.

There seems to be an announcement almost weekly that a retailer has been the victim of a cyberattack in which consumer information has been stolen. Has this become the next wave of 21st century white-collar crime as the world of electronic credit and payments opens up companies to more and more thefts of financial information? As hackers’ level of sophistication increases, companies have a harder time even detecting whether computer systems have been attacked and the extent of any security breach.

Michaels, the biggest U.S. arts and crafts retailer, said it's investigating a possible breach on its network and advised customers to check financial statements for fraudulent activity. The warning, which comes in the wake of the unprecedented breach at Target Corp. over the holiday shopping season, suggests that hackers may be attacking retailers in a spree the extent of which is yet to be fully understood. Target last month disclosed an unprecedented breach that resulted in the theft of some 40 million payment card records and another 70 million customers’ records. 

Neiman Marcus said about 1.1 million credit cards may have been compromised in a data breach that occurred last year. Visa, MasterCard and Discover have notified the Dallas-based department store chain that about 2,400 cards used at its stores between July 16 and Oct. 30 were used fraudulently, according to a statement yesterday. Online shoppers weren't affected, the company said. Closely held Neiman Marcus is the second U.S. retailer to announce a customer data security breach. Minneapolis-based Target Corp. has said as many as 110 million customer accounts were compromised during the holiday shopping season by the theft of information.