Below are some excerpts from news report from the past few weeks. The story is quite obvious — initially Target has (3 weeks too late) confirmed that credit card information of people who made purchases in Target at a certain time period was compromised. Then it turned out that it was more than that — the company’s internal database(s) were compromised causing people to lose PII (and possibly be vulnerable to identify theft.) Then it turned out the Neiman Marcus and at least two other large US retailers were similarly attacked.
Your goal is to find some plausible explanation of what is that the attackers do to gain the information. Assume that the attacks are by outsiders (rather than insiders’ attacks.) You can use any (non-human) material you have access to, but please do it on your own.
What was stolen? The hack affected customers who shopped at U.S. Target storesbetween November 27 and December 15, Target said.
Customer names, credit or debit card numbers, expiration dates and CVVs were involved in the information theft, Target said. The CVV – the card verification value, also known as the security code – is a three or four-digit number typically requested by retailers when making purchases online or over the phone.
Hackers could use this data to make card replicas. Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.
PIN numbers, other customer information like Social Security numbers, and employee records were not compromised, Target said.
In December, Target said 40 million credit and debit card accounts — including customers’ card numbers, expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards— were stolen in a data breach that happened between Nov. 27 and Dec. 15. Last week, the company disclosed that hackers stole an additional trove of data affecting 70 million people. That data included names and phone numbers as well as email and mailing addresses.
That’s because hackers didn’t just break into Target’s point-of-sale system and collect data from magnetic stripes on 40 million payment cards. They also wormed their way into Target’s massive database of 70 million customers, which included names, emails, phone numbers and addresses.
Hackers have now hit Neiman Marcus and at least three other stores. As federal authorities track what’s believed to be an international crime ring, customers are demanding answers.