BreachExchange mailing list archives

Should Retailers and Banks Tell You When You’ve Been Hacked?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 23 Apr 2014 18:47:24 -0600

http://www.foxbusiness.com/industries/2014/04/18/should-retailers-and-banks-tell-when-youve-been-hacked/

Should retailers be obligated to tell shoppers every time their credit and
debit cards have been hacked?

Michaels Stores, the country’s biggest crafts chain, is now saying card
breaches took place over two separate eight-month-long stretches at its
stores beginning as early as May of last year, including at its Aaron
Brothers unit, and may have exposed as many as 2.6 million customer payment
cards.

Retail analysts warn retail chains have a history of not telling customers
about hacks because they initially think the breaches are small and not
worth alarming customers. Just like banks that get hit daily by hackers and
whose executives fear runs on deposits.

According to the respected security site KrebsonSecurity, run by expert
Brian Krebs, this incident is the second time in three years Michaels
Stores has had a widespread breach of its payment systems. The problem is
while Michaels initially said the impact was small, and two independent
security firms had investigated the break-ins and initially found nothing,
it turns out the hacks were much more serious.

Krebs says in May 2011, Michaels disclosed hackers physically tampered with
some point-of-sale devices at store registers in some Chicago locations,
but the hack was bigger than that. It says further investigation revealed
compromised POS devices in stores across the country, from Washington, D.C.
to the West Coast.

But here’s the fallback crutch of a fix that Krebs says retailers are
increasingly offering as a Band Aid to your credit accounts.

Michaels, which is moving toward an initial public offering, says while it
received limited reports of fraud, it is offering identity protection,
credit monitoring and fraud assistance services.

But do you think the credit monitoring guys are going to protect you from
fraud?

“They’re not great at stopping new account fraud committed in your name,”
Krebs warns. “The most you can hope for with these services is that they
alert you as quickly as possible after identity thieves have opened or
attempted to open new accounts in your name.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/