News

Target says criminals attacked with stolen vendor credentials

Target says criminals attacked with stolen vendor credentials

TARGETED: The company's shares have been hurt since the data breach was announced on Dec. 19, and the incident has drawn scrutiny from lawmakers as well as federal law enforcement and consumer protection agencies. Photo: Reuters

By Jim Finkle and Mark Hosenball

BOSTON/WASHINGTON (Reuters) – Target Corp said on Wednesday that the theft of a vendor’s credentials helped cyber criminals pull off a massive theft of customer data during the holiday shopping season in late 2013.

It was the first indication of how networks at the No. 3 U.S. retailer were breached, resulting in the theft of about 40 million credit and debit card records and 70 million other records with customer information such as addresses and telephone numbers.

“The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system,” Target spokeswoman Molly Snyder said in a statement.

She declined to elaborate on what type of credentials were taken, who the vendor was, or to provide other details.

The company’s shares have been hurt since the data breach was announced on Dec. 19, and the incident has drawn scrutiny from lawmakers as well as federal law enforcement and consumer protection agencies.

Target closed at $56.89 per share on the New York Stock Exchange on Wednesday, down 1.7 percent, after reaching its lowest level since July 2012.

Earlier on Wednesday U.S. spy chiefs called on Congress to draft stricter requirements for how retailers and other private businesses should inform government agencies and customers about big breaches of personal and financial data.

The comments came as Attorney General Eric Holder confirmed that the Department of Justice was investigating the massive hacking at Target.

Separately, at Wednesday’s threat hearing before the Senate Intelligence Committee, Barbara Mikulski of Maryland, where the National Security Agency is headquartered, asked intelligence chiefs if media leaks by former NSA contractor Edward Snowden had affected U.S. cybersecurity efforts.

“Is the impact of the Snowden affair slowing us down in our work to be more aggressive in the cybersecurity area?” Mikulski asked.

FBI Director James Comey said political uproar over surveillance and Snowden’s leaks had complicated discussions about how to fight consumer data breaches.

“There is the threat of fraud and theft because we’ve connected our lives to the Internet,” Comey said. “We need to make sure that the private sector knows the rules of the road and how we share that information with the government.”

Some U.S. officials with responsibility for cybersecurity have complained privately that, while states have created a “patchwork” of local rules requiring businesses to report breaches of consumer data to authorities and the public, there are no similar federal requirements.

Congress has been wrestling for years with proposals for legislation on data security but has been unable to reach agreement. There is no national standard to govern how and when businesses that suffer consumer data breaches must advise their customers and federal agencies.

HOLDER CONFIRMS PROBE

Holder, testifying at a Senate Judiciary Committee hearing, said the Justice Department would seek the perpetrators of the Target breach as well as “any individuals and groups who exploit that data via credit card fraud.”

“While we generally do not discuss specific matters under investigation, I can confirm the department is investigating the breach involving the U.S. retailer, Target,” Holder said.

The Secret Service has taken the lead investigating the breaches at Target and other retailers, including Neiman Marcus and Michaels Companies Inc, the largest U.S. arts and crafts retailer.

Reuters reported on Jan. 23 that the FBI also warned U.S. retailers to prepare for more cyber attacks after discovering about 20 hacking cases over the past year that involved the same kind of malicious software used against Target during the holiday shopping season.

CONGRESS PILES ON

As lawmakers accelerated to gather information about the data breaches, Senator Jay Rockefeller, Democratic chairman of the Judiciary Committee, took a new tack, asking Target why the company had not yet reported its data breach to the U.S. Securities and Exchange Commission.

“Your failure thus far to provide this information to your investors does not seem consistent with the spirit or the letter of the SEC’s financial disclosure rules,” Rockefeller wrote in the three-page letter to Target’s chief executive.

Democratic members of the Energy and Commerce Committee on Wednesday asked Neiman Marcus for documents relating to the upscale retailer’s recent cybersecurity breach. Last week, the same lawmakers asked Target executives to provide an array of internal documents.

On Thursday, members of the powerful House Oversight Committee, which has broad investigative jurisdiction, will hold a telephone briefing with Target representatives, during which detailed questions are expected to be asked about how and why the data breaches occurred.

Target’s Snyder did not provide details about upcoming meetings but reiterated that Target was “continuing to work with elected officials to keep them informed and updated as our investigation continues.”

At least three different congressional panels are slated to hold hearings, beginning next week. Target’s chief financial officer and a Neiman Marcus official will appear before the Senate Judiciary panel on Tuesday.

(Additional reporting by Dhanya Skariachan in New York, and Lawrence Hurley, Susan Heavey and Alina Selyukh in Washington; Writing by Ros Krasny; Editing by Howard Goller, Bernadette Baum, Tom Brown and Ken Wills)

Recent Headlines

in Music

Justin Bieber charged with dangerous driving

Canadian pop singer Justin Bieber drives a quad bike at the beach as he takes a break in a resort in Punta Chame on the outskirts of Panama City in a January 27, 2014 file photo.

Justin Bieber has been charged with dangerous driving and assault following an altercation and collision on Friday.

in Music

Kanye West confronted SNL comedian over MTV VMAs spoof

Kanye West American rapper, songwriter, record producer, film director, entrepreneur, and fashion designer, Kanye West attends the Cannes Lions 2014, 61st International Advertising Festival in Cannes, southern France, Tuesday, June 17, 2014. The Cannes Lions International Advertising Festival is a world's meeting place for professionals in the communications industry.

Kanye West has urged SNL's Jay Pharoah not to make light of his hard work after the rapper was spoofed during the MTV Video Music Awards.

in Entertainment

Angelina Jolie debuts wedding dress featuring kids’ artwork

The cover of People magazine, dated 15th September, 2014, featuring the wedding of Angelina Jolie to Brad Pitt.

Angelina Jolie has debuted photos of her surprise nuptials to Brad Pitt, revealing she wore a designer wedding gown featuring artwork by their six children.

in Music

Chris Brown pleads guilty to assault

Singer Chris Brown leaves District of Columbia Superior Court in Washington, Tuesday, Sept. 2, 2014, after pleading guilty on a misdemeanor assault. Brown pleaded guilty on Tuesday to hitting a man outside a Washington hotel, an assault that occurred while the singer was on probation for attacking his then-girlfriend Rihanna. Brown pleaded guilty to misdemeanor assault and was sentenced to time served. He spent two days in a District of Columbia jail in this case.

Chris Brown appeared at a court in Washington, D.C. and admitted beating up a man outside a hotel in the city last year.

in Music

Andre 3000 planning rap retirement next year

Andre 3000 performs at the Way Out West Festival in 2014.

Outkast star Andre 3000 is convinced hip-hop is a young man's game and he confesses he can no longer keep up with his new peers.