Newsrooms scramble to explain Target data breach

by December 20, 2013
Target credit card breach

The Boston Globe used a Q&A to try to help readers make sense of Target’s security breach.

Retailers like to make headlines in December — but for triumphs like double-digit sales increases, not the security fiasco that discounter Target is red-faced over in the final crucial shopping days before Christmas.

News that hackers may have been picking off data from tens of millions of shopper credit cards for weeks on end is a nightmare for the merchant and for customers as well.  Some analysts already are speculating that the financial information breach will cost Target sales in the final pre-holiday shopping days; citing angry Facebook posts from patrons.

I don’t think this news is going to die down for a few days, so you might want to ponder some local angles.  If your region is headquarters for any major banks, retailers or credit-card processing firms, you’ve got the edge and I’d certainly be asking them what infrastructure they have in place (human, technological, policy and with vendors) to prevent the compromising of financial information.  To help you formulate some questions, go to the firms that sell security services; here’s a white paper from Symantec, “Anatomy of a Data Breach: Why breaches happen and what to do about it.”  It’s got some fairly lay-friendly explanations of how hackers can get into private systems and manipulate code.

Another interesting read is “Data Breach Prevention Tips” from Kroll, a national security firm.  In addition to tapping the expertise of these national companies for comment, you might find local cyber-security experts, either for analysis of area corporations’ risk or as the subjects of interesting business profiles; a USA Today report from October says that “Cyber security companies attracting huge investment,” and you might want to find out if there are any interesting start-ups or venture-capital darlings in your area.  (Check with business incubators and economic development agencies for leads.)  Just as an example of how hot the sector is, Cisco Corp. just purchased cybersecurity firm Sourcefire for a cool $2.7 billion.

Clearly — with worries about National Security Agency cyber spying in the zeitgeist and now another big criminal data heist, reporting on information security could become a full-time beat.  And as regulators no doubt will be clamping down following this high-visibility incident; I would, as a shortcut (with the appropriate skepticism)  check with trade organizations and lobby groups on the beats I cover — what are they worried about in terms of crackdowns, policies and rules related to cyber security?  Here’s an industryarticle about how the coming new federal cyber security guidelines “..could leave energy companies liable” for non-compliance discipline.  What are the tradeoffs between the costs (financial, opportunity, etc.) in tightening data security vs. business as usual?

The new federal regulations are being formulated by the National Institute of Standards & Technology; the preliminary framework is open for public comment until Dec. 24.  And for consumer info, the big credit reporting firms like Experian might have comment to offer.

Clearly consumer-oriented personal finance stories will be welcome by audiences worried about their cards.  CreditCards.com is a font of consumer information about credit-card usage and laws; also a  number of wire stories already are out about what Target shoppers need to know if they used a credit card in the vulnerable period; here is a fantastic round-up from the Cleveland Plain Dealer, “A lesson from Target: Before you use that debit card again, here are 20 things you should know.”   Consider a sidebar for readers about how to request their free annual credit reports — and perhaps look at the pros and cons of identity-theft smartphone apps.