Target Invests in Security EducationProvides $5 Million to New Coalition Educating Public on Risks
See Also: DevOps - Security's Big Opportunity
The news comes after Target revealed that personal information for up to 70 million customers, in addition to as many as 40 million debit and credit card numbers, was exposed in a recent breach (see Target Breach: New Questions Raised).
The coalition comprises the National Cyber-Forensics and Training Alliance, the National Cyber Security Alliance and the Better Business Bureaus, according to a Target blog. The group will launch a campaign to accelerate the dialogue around cybersecurity threats and the dangers of consumer phishing scams.
"Target has a longstanding history of commitment to our communities, and cybersecurity is one of the most pressing issues facing consumers today," says Gregg Steinhafel, Target chairman, president and CEO. "We are proud to be working with three trusted organizations ... to advance public education around cybersecurity."
The coalition will meet for the first time this week in Washington, according to the blog. Target is looking to learn from the experts at the three organizations to understand the growing challenges associated with cybersecurity and how to educate consumers in "trusted, accessible and understandable ways," the blog says.
Democrats Seek Answers
Meanwhile, 17 Democratic members of the House Financial Services Committee have called for a hearing to explore the recent Target breach.
The Democrats want to review current laws designed to protect consumers and determine what more can be done to ensure the security of consumers' payment card information, according to a statement.
"It is incumbent upon our committee to explore whether industry data protection standards are appropriate and examine whether heightened regulatory standards are needed to more effectively protect consumers," the statement says. "A hearing would provide members the opportunity to hear from regulators and the industry to learn what steps merchants, financial institutions, payment processors, card networks and others should take to reduce vulnerabilities in the payment system and strengthen measures that protect consumers from fraud."
In addition, two Democratic senators are asking Target for details about the causes of the breach.
In a letter to Target's CEO, Sen. Claire McCaskill of Missouri, chairman of the Subcommittee on Consumer Protection, and Sen. Jay Rockefeller of West Virginia, chairman of the Commerce Committee, wrote: "It has been three weeks since the data breach was discovered, and new information continues to come out. We expect that your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the committee with detailed information."
Recent Retail Breaches
Coming off the news of the Target breach, Neiman Marcus Group, a Dallas-based luxury retailer, has confirmed that it is working with the U.S. Secret Service to investigate a breach in December that may have exposed customers' payment cards (see Neiman Marcus Confirms Card Breach).
According to industry insiders, it's likely more retailers, beyond Target and Neiman Marcus, have suffered breaches that potentially exposed payment card data. But it may take weeks to get the full picture of this wave of point-of-sale attacks (see Retail Breaches: Who's Next?).
Based on what's known about the Target and Neiman Marcus breaches, attackers probably spent months testing vulnerabilities in U.S. POS networks and systems, says Beth Diamond of Beazley Breach Response, a cyber-insurance and risk mitigation provider.
"Hackers may have found a vulnerability one place and capitalized on it in systems elsewhere," she says. "It could be a similar vulnerability from the software or the configuration of the systems. We will know more when we know what the Secret Service has been investigating."