Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Target claims no responsibility for 'Black Friday' data theft in court

Target claims no responsibility for 'Black Friday' data theft in court
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Nov 22, 2014, 12:05 PM
 
Five banks are suing retailer Target over the infamous "Black Friday" data breach in a federal lawsuit. In a hearing yesterday before US District Judge Paul Magnuson, Target claimed that the bank's losses weren't the retailer's fault, as they happened at the point of sale in many stores that the corporation claims it is not responsible for, as opposed to a central failure in corporate data services - therefore, the Minnesota and US Plastic Card Security Act provisions don't apply.

First Federal Savings, Village Bank, Umpqua Bank, Mutual Bank, and CSE Federal Credit Union launched the lawsuit, as each lost $5 million or more. Target claims that the use of third-party processors insulates it against the suit, and has argued that the suit should be dismissed.

India-based researchers found evidence of the breach that spanned November 29 through December 15, 2013 after examining logs, and informed Target headquarters on November 30, 2013. Additional malware was discovered by the company's own security software on December 2. A series of alarms were issued by the software with a highest-priority warning associated, all of which were ignored by Target security personnel.

Compounding the problem, the software's automatic malware-removal features had been disabled by Target security in the months prior to the intrusion. The malware installation was detected so early, that it had not begun to transmit its payload -- customer data -- back to its creators. Timely action by Target's security staff in pruning the malware would have prevented the entire incident from happening, and would have saved Target millions in corrective actions.

Under the Plastic Card Security Act, any business entity operating in Minnesota is prohibited from storing security codes, PIN codes, or the full contents of any track of magnetic stripe data from customers' debit or credit cards for more than 48 hours after authorization of a transaction. Failure to comply makes a retailer liable for any theft of this data. Target argues that the third-party payment processors are responsible for the breach, so it has no liability, and no obligation to secure this data.

The lawyer for the banks, Karl Cambronne, told the judge that his clients "reject the notion that this case is all about the obvious, that is, the bad guys hacked into the system. Twice the Visa and Mastercard system had warned Target this malware is out there and you are not protected from it."

Magnuson has not yet ruled on the argument by Target.
( Last edited by NewsPoster; Nov 24, 2014 at 07:57 AM. )
     
James Katt
Junior Member
Join Date: Mar 2008
Status: Offline
Reply With Quote
Nov 22, 2014, 01:31 PM
 
Target should be made liable. Only then will they learn their lesson. And hopefully then, they will allow Apple Pay - which is much more secure than their system - for purchases in stores.
     
azrich
Forum Regular
Join Date: Apr 2010
Location: Prescott, AZ
Status: Offline
Reply With Quote
Nov 22, 2014, 01:54 PM
 
I can see this getting complicated, but reading what is presented here it certainly sounds like target was responsible for curating the CC terminals. So even if they don't own them, or whatever the argument is, it sounds like they have to share responsibility. Too many paws in the pot IMO. Enough that there should be a cash discount everywhere.
     
prl99
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Nov 22, 2014, 03:14 PM
 
"spanned November 29 through December 15, 2014" I see we're using some time travel to see what will be happening. I assume you meant 2013 but you made the same error twice. Target, and all other retailers, need to take ownership for the equipment used in their facilities. This includes their cash register systems. They are liable for everything else in the store (shelves falling, fires, bathrooms flooding, people tripping on gum on the floor) so why do they think they shouldn't be responsible for their computer systems, including the cash registers? Spend some of that profit on the cash registers instead of worthless advertising. I know a lot of people stopped going to Target after this issue. They lost a lot of sales because of this.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Nov 22, 2014, 03:57 PM
 
Yeah, 2013.

Stupid Saturday shift.
     
davisadm
Fresh-Faced Recruit
Join Date: Oct 2008
Location: So. Cal.
Status: Offline
Reply With Quote
Nov 23, 2014, 11:34 AM
 
No responsibility!!! You have got to be kidding! They share responsibility with the terminal and processing owners though. Plus they held back announcing the breach. Now they disabled Apple Pay at the POS terminals, which is the most secure method of payment. And they are testing CurrentC, which already has had a data breach. Target is definitely going the wrong route and not thinking of the customers best interests.
     
phillymjs
Fresh-Faced Recruit
Join Date: Jun 2000
Location: Philadelphia, PA
Status: Offline
Reply With Quote
Nov 24, 2014, 12:18 PM
 
"Additional malware was discovered by [Target]'s own security software on December 2. A series of alarms were issued by the software with a highest-priority warning associated, all of which were ignored by Target security personnel."

If this is correct and Target knew there was a problem and ignored it, then that's negligence, plain and simple. I don't see how they can possibly argue that they're not at fault here.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 10:26 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,