Target Makes Information Security Changes

Target Corp announced an overhaul of its information security processes and the departure of its chief information officer as the retailer tries to re-gain customers and investors after a massive data breach late last year.

CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.

Jacob, who comes from a sales background and has been CIO since 2008, will be replaced by an external hire, according to sources at Target.

“It’s a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model,” Belus Capital Advisors CEO Brian Sozzi said.

The breach at Target was the second largest at a U.S. retailer, after the theft of more than 90 million credit cards over about 18 months was uncovered in 2007 at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains.

Hacking has become a major concern for retailers in the United States. In the latest reported breach, beauty products retailer and distributor Sally Beauty Holdings Inc said on Wednesday its network had been hacked but no card or customer data appeared to have been stolen.

Target Chief Executive Gregg Steinhafel said the company would elevate the role of chief information security officer as part of its plan to tighten its security.

The company will also look externally to fill that position as well as the new position of chief compliance officer.

Steinhafel said Target would be advised by security consultant Promontory Financial Group as it evaluates its technology, structure, processes and talent.

“I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously,” Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, told Reuters.

Target, the third-largest U.S. retailer, said last week customer traffic had started to improve this year after falling significantly toward the end of the holiday shopping season when news of the cyber attack spooked shoppers.

Source

Did Sears Suffer A Data Breach?

Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.

“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.

“We have found no information based on our review of our systems to date indicating a breach,” he added.

He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.

Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.

Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible secret breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.

The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.

A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.

The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.

Source

SEC Plans Cybersecurity Meeting

The Securities and Exchange Commission said that its making plans to conduct a roundtable next month to discuss cybersecurity, after massive retailer breaches refocused the attention of the business community and policymakers on the area.

The SEC said that it would hold the event on March 26 to talk about the challenges cyber threats pose for market participants and public companies.

Recent breaches at Target Corp and Neiman Marcus have sparked concern from lawmakers and revived a long-running spat among retailers and banks over who should bear the cost of consumer losses and technology investments to improve security.

Last Thursday, trade groups for the two industries announced they are forming a partnership to work through the disputes.

U.S. lawmakers have also considered weighing in on how consumers should be notified of data theft. But progress on legislation is not guaranteed in a busy election year.

The SEC in 2011 drafted informal staff-level guidance for public companies to use when considering whether to disclose cyber attacks and their impact on a company’s financial condition.

SEC Chair Mary Jo White last year told Congress that her agency was reviewing whether a more robust disclosure process is needed. But she told reporters last fall she felt the guidance appeared to be working well and that she didn’t see an immediate need to create a rule that mandates public reporting on cyber attacks.

Source

Stratfor Security Hit By Anonymous

The Stratfor, security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.

Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.

Now it seems that Stratfor is warning that the cards were being used again if the victims complained to the press. On another webiste Anonymous used another website to mock victims who spoke to the Associated Press about their experience. Its said “We went ahead and ran up your card a bit.”

Source…

« Previous Page