More than 110 million Target customers had their credit-card information stolen because at least one employee of a heating and air-conditioning contractor succumbed to an email phishing scheme, cybersecurity blogger Brian Krebs reported Wednesday.
The revelation, if true, is the strongest indication yet of what went wrong since Krebs first exposed the massive heist of consumer financial data at the national retail giant late last year, a startling cyberattack that has prompted intense congressional inquiry. Neiman Marcus and other chains have also recently been victimized, though it is not believed that the perpetrators are the same.
Last week, Krebs reported that hackers infiltrated Target’s network by swiping the login credentials of Fazio Mechanical Services, a Pennsylvania-based contractor.
Now, anonymous sources tell Krebs that credentials “were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.” It appears that the culprits used a password-stealing bot known as Citadel to get the job done.
Fazio, in response to its sudden notoriety last week, sent out a statement explaining that it had been “the victim of a sophisticated cyberattack operation.” But Krebs notes that the company’s defense against malicious attacks was a free version of a somewhat impotent anti-malware program, which “is made explicitly for individual users and its license prohibits corporate use.”
Members of Congress are calling for a bill to create a national reporting standard for data breaches similar to the one that hit Target. Retailers and financial institutions would be required to notify government and consumers of breaches when they occur.
The new revelations arrive on a day when the White House rolled out a set of voluntary guidelines intended to help businesses defend themselves against hackers.