A lot of the reason why these large scale data breaches happen....
    21 Dec : 20:34  by admin
    The reason Target (and 99% of other merchants) STORE large volumes of credit card data is because there is other data mixed in with it that they sell to marketers for millions! The sensitive data is never seen by the marketer, but is vulnerable before it gets to the marketer because it's being stored long term
    Target card numbers floating around in the wild
    21 Dec : 20:19  by admin
    From Techcrunch:

    n a deliciously detailed post, security writer Brian Krebs has explained the path taken by credit card numbers stolen in the Target breach on their way to the carder black market. Krebs has far more information in his post but he’s discovered that some card shops have created Target-only sections for the trove of numbers.

    Krebs described visiting a particularly infamous card shop where he and an anonymous bank representative found sets of cards belonging to a “base” called Tortuga. In carder slang, a base is simply a source of cards. And Tortuga cards, according to Krebs, belonged to a set of numbers stolen from target stores. Amazingly, many of the cards included zip code or state data, thereby circumventing the fraud protections, as many banks automatically treat out-of-state card purchases as suspect.

    How quickly did customer react on hearing about the breach? Clearly not fast enough:
    The New England bank decided to purchase 20 of its own cards from this shop, cards from Tortuga bases 6-9, and Tortuga 14 and 15. The store’s “shopping cart” offers the ability to check the validity of each purchased card. Any cards that are checked and found to be invalid automatically get refunded. A check of the cards revealed that just one of the 20 had already been canceled.

    Should you be worried? If you shopped in a physical Target store and swiped your credit or debit card there between November 27 and December 15, then the answer is “Yes.” However, thieves cannot fully recreate your card and, say, withdraw cash from your account or make an online purchase. Target media representative Molly Snyder wrote:

    1. At this time, there is no indication that there has been any impact to PIN numbers. What this means is their bank PIN debit card or Target debit card still has this additional layer of protection. It also means that someone cannot visit an ATM with a fraudulent card and withdraw cash.
    2. We have no indication that the data that was inappropriately accessed included a guest’s date of birth or social security number.
    3. The CVV data that may have been impacted was data in the magnetic strip and NOT the three or four-digit code visible on the card that guests use that would allow someone to make an online purchase.

    Target CEO Gregg Steinhafel said that customers can enjoy a brief discount on everything at the store as well as free credit monitoring for a year.
    "We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We’re in this together, and in that spirit, we are extending a 10% discount – the same amount our team members receive – to guests who shop in U.S. stores on Dec. 21 and 22. Again, we recognize this issue has been confusing and disruptive during an already busy holiday season. We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores.”

    The small bank Krebs assisted in the exploration of the carder site will probably re-issue all 5,300 of its customer’s cards after Christmas. That just leaves thirty-nine million nine hundred ninety-four thousand seven hundred more cards to check for fraud.
    [Submitted by admin]
    Target: 40 million credit cards compromised
    19 Dec : 18:55  by admin
    From CNN:

    Late Wednesday, the Secret Service, which is charged with safeguarding the nation's financial infrastructure and payment systems, confirmed it was investigating the breach.

    Spokesman Brian Leary declined further comment.

    The breach first came to light via a report from respected security researcher Brian Krebs, who said Target had suffered a data breach around the time of Black Friday last month "potentially involving millions of customer credit and debit card records."

    Target (TGT, Fortune 500), the nation's No. 2 general merchandise retailer after Wal-Mart Stores (WMT, Fortune 500), said cards used at the brick-and-mortar stores between Nov. 27 and Dec. 15, 2013, may have been impacted.

    Target didn't specify how its systems were hacked. But judging by the scope of the breach and the kind of information criminals got, security experts say hackers targeted the retailer's point-of-sale system. That means they either slipped malware into the terminals where customers swipe their credit cards, or they collected customer data while it was on route from Target to its credit card processors.

    The retailer said it notified authorities and financial institutions immediately after it was made aware of the unauthorized access, and had hired a forensics team to thoroughly investigate how the breach may have happened.

    "Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," CEO Gregg Steinhafel said in a statement. "We regret any inconvenience this may cause."

    The thieves reportedly gained access to data on the magnetic strips of shoppers' cards, potentially allowing them to produce counterfeit versions, according to Krebs.

    The thieves could also potentially withdraw cash from ATMs using counterfeit debit cards if they were able to intercept PIN data from Target, he said.

    American Express (AXP, Fortune 500) and Discover (DFS, Fortune 500) both said they were "aware" of the incident and had fraud controls in place.

    "This is an ongoing investigation," an AmEx spokeswoman said, declining to comment further.

    MasterCard (MA, Fortune 500) referred questions to Target; Visa (V, Fortune 500) did not respond to requests for comment.
    Litchfield County Computer unveils new web site
    17 Dec : 00:54  by admin
    I have updated the LCC website. A lot of cool new features are coming. Check back later.