Search Results for “target breach”

Ten Years Later, New Clues in the Target Breach

December 14, 2023

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator.

The Target Breach, By the Numbers

May 6, 2014

136 Comments

News that Target’s CEO Gregg Steinhafle is stepping down prompted a flurry of reports from media outlets trying to recap events since the company announced a data breach on Dec. 19, 2013. Sprinkled throughout those reports were lots of numbers, which got me to thinking about synthesizing them with some of the less-reported numbers associated with this epic breach.

Card Backlog Extends Pain from Target Breach

February 25, 2014

56 Comments

Last week’s story about steeply falling prices on credit and debit card data stolen from Target mentioned several reasons why many banks may not have already reissued all of their cards impacted by the breach. But it left out one… Read More »

Fire Sale on Cards Stolen in Target Breach

February 19, 2014

47 Comments

Last year’s breach at Target Corp. flooded underground markets with millions of stolen credit and debit cards. In the days surrounding the breach disclosure, the cards carried unusually high price tags — in large part because few banks had gotten around to canceling any of them yet. Today, two months after the breach, the number of unsold stolen cards that haven’t been cancelled by issuing banks is rapidly shrinking, forcing the miscreants behind this historic heist to unload huge volumes of cards onto underground markets and at cut-rate prices.

New Clues in the Target Breach

January 29, 2014

132 Comments

An examination of the malware used in the Target breach suggests that the attackers may have taken advantage of a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internal network.

Cards Stolen in Target Breach Flood Underground Markets

December 20, 2013

445 Comments

Cards stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned.

Breach at DocuSign Led to Targeted Email Malware Campaign

May 15, 2017

68 Comments

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.

Bidding for Breaches, Redefining Targeted Attacks

September 23, 2015

28 Comments

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.” These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.

Inside Target Corp., Days After 2013 Breach

September 21, 2015

102 Comments

In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing stop attackers from gaining direct and complete access to every single cash register in every Target store.

Email Attack on Vendor Set Up Breach at Target

February 12, 2014

265 Comments

The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.