Target Got Hacked Hard in 2005. Here's Why They Let It Happen Again

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2014/01/target-hack/

By Kim Zetter
Threat Level
Wired.com
01.17.14

A gang of shadowy hackers tears through the systems of big-box retailers, 
making off with millions of credit and debit card numbers in a matter of 
weeks and generating headlines around the country.

Target and Neiman Marcus last week? Nope. This oh-so-familiar attack 
occurred in 2005.

That’s when Albert Gonzalez and cohorts -- including two Russian 
accomplices -- launched a three-year digital rampage through the networks 
of Target, TJ Maxx, and about half a dozen other companies, absconding 
with data for more than 120 million credit and debit card accounts. 
Gonzalez and other members of his team eventually were caught: he's 
serving two concurrent sentences for his role, amounting to 20 years and a 
day in prison, but the big-box breaches go on.

The latest string of hacks attacking Target, Neiman Marcus, and others 
raise an obvious question: How is it that nearly a decade after the 
Gonzalez gang pulled off its heists, little has changed in the protection 
of bank card data?

Target got off easy in the first breach: A spokeswoman told Reuters an 
"extremely limited" number of payment card numbers were stolen from the 
company by Gonzalez and his gang. The other companies weren’t as lucky: 
TJX, Hannaford Brothers grocery chain, the Dave & Busters restaurant 
chain, Office Max, 7-Eleven, BJ's Wholesale Club, Barnes & Noble, JC 
Penney, and, most severely, Heartland Payment Systems, were hit hard.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/