Target, Home Depot, TJ Maxx - they make the headlines. Large companies whose networks have been compromised leaving millions of consumers vulnerable to credit card fraud. Are the cyber criminals picking out the large corporations, or are they also attacking small mom & pop shops? Similarly, are merchants required to divulge security breaches to the public?
While it is true that most states have laws requiring companies to contact customers if certain personal information is compromised - usually, however, the task falls on the credit issuers. It was revealed in 2014 that some lesser known retailers (small outlet shops) may have also been the victim of the same person or persons responsible for the Target attack. It was believed in the case with Target, the breach was the result of a malware program called a RAM scraper -- a memory parsing software, which enables criminals to obtain encrypted data traveling through live memory of a computer, where it appears as plain text.
It would appear some of these are well planned, comprehensive attacks. Conversely, some may be crimes of opportunity or convenience. Many retailers simply delay disclosing breach information as they feel it might hurt their business and public image.
Read more about the Target fall out from Reuters:
http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112
- Angie
No comments:
Post a Comment