Last week, this blog covered the security breach of Target that resulted in credit card information from 40 million customers being compromised. This happened during the height of the holiday shopping season (late-November through mid-December) and how far it reaches is still being felt.
The one thing we don’t know, however, is how the attack happened. The company and U.S. Secret Service is still investigating. However, based on the information that Target has released, it is possible to make some assumptions. A recent article from Mercury News interviewed several security experts to try to figure out what happened.
The general consensus is that this was a carefully planned and coordinated attack to penetrate the retailer’s defenses and access information. This was most likely done by computer hackers through the use of malware or by taking advantage of a software concern.
“A hacker can find a tiny vulnerability to get into a server, and then move laterally to exploit other vulnerabilities,” Ken Westin, a security researcher at Tripwire, told the news source. “Once you get your foot in the door, all heck breaks loose.”
The article also mentioned other possibilities for how this attack could have happened, including POS skimmers, tampering with computer hardware or having an employee on the inside letting the criminals in.
The number of ways that criminals could have pulled this off should be enough for merchants to start seeking out upgraded POS equipment and software to keep all of their data safe. With the help of a retail solutions provider that understands security processes, any merchant can gain an upper hand on criminals.