Target to invest $5m in cyber security awareness

Cyber breach-hit US retailer Target is to invest $5m in a cyber security education campaign

Cyber breach-hit US retailer Target has announced it is to invest $5m in a multi-year campaign to educate consumers about cyber security.

The announcement comes days after Target said investigators had found that hackers stole personal information from around 70 million customers.

This is 30 million more than the 40 million announced when the breach was discovered in December 2013.

The attackers reportedly infected Target's point-of-sale terminals with malware to steal payment card information.

The target breach looks set to become the largest data breach for a retailer, with the latest estimate of affected customers reportedly as high as 110 million as the investigation continues.

Before now, the largest data breach was the theft of 45.7 million credit card records from TJX Companies in 2007.

Security industry commentators have said the breach at Target should serve as a warning to UK retailers and their customers.

While the TJX attack was made through insecure wireless networks, the Target attack is more likely to have been enabled by a phishing attack or insecure web application, according to Chris Wysopal, co-founder and chief security officer at security firm Veracode.

The attackers are also likely to have used malware customised for the type of point of sale terminals used by Target, and it is likely that at least part of the retailer’s network was compromised, he said.

In an open letter on 13 January, Target CEO Gregg Steinhafel apologised for the data breach and claimed that all malware had been removed from the retailer’s point of sale systems.

He said Target had hired a team of data security experts to investigate how the breach happened in collaboration with law enforcement agencies.

Target has promised that customers will have zero liability for any fraudulent charges arising from the breach and has offered one year of free credit monitoring and identity theft protection.

Steinhafel also announced Target’s plan to set up a coalition aimed at improving awareness of cyber security among consumers.

He said the coalition also aims to “accelerate the conversation” on adopting newer, more secure technologies among retailers, financial institutions, regulators and others.

“Target has a long-standing history of commitment to our communities, and cyber security is one of the most pressing issues facing consumers today,” said Steinhafel.

“We are proud to be working with three trusted organisations – the National Cyber-Forensics and Training Alliance (NCFTA), National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) – to advance public education around cyber security,” he said.

The company will learn from the experts at these organisations about the complexities and growing challenges associated with cyber security, and how to educate consumers on these issues.

NCFTA chief Maria Vello said cyber crime is increasingly complex and is constantly shifting patterns.

“It impacts all industry sectors and tech-savvy consumers, especially with the evolution of the smartphone, bring your own device to work, the highly connected world and having an app for everything.

“Effectively addressing such digital crimes demands a new and collective response. Organisations from the public and private sectors must partner together,” she said.

Target said the coalition is set to meet for the first time this week in Washington DC.

Read more on Privacy and data protection