Filed Under:

Security Experts Say Data Thieves Are Getting Harder To Fight

Play associated audio

The recent disclosure that a large trove of customer information was stolen from Target, and now also from Neiman Marcus, points to growing vulnerabilities in cybersecurity. And experts say the problem is becoming more difficult to combat.

Avivah Litan, a security analyst at Gartner, says she's hearing from sources at retailers that the holiday-season data breaches were not limited to the 70 million-plus Target customers and untold number of Neiman Marcus shoppers.

"It's clear that there is a new bout of attacks," Litan says. She says data thieves struck several years ago at T.J. Maxx, J.C. Penney and Target and that they could be back, though it might be a different gang of thieves.

Litan blames, in large part, the magnetic payment strip system, which she says is more vulnerable than systems used by other countries around the world that have smart chips embedded in credit cards.

David Burg, leader of cybersecurity at PricewaterhouseCoopers, adds that part of the problem is rapid innovation.

"As we use more and more technologies to collaborate among businesses, or to connect with consumers using mobile devices and other kinds of applications that allow consumers to interface with various corporations, what you have is an attack surface that keeps increasing in size and complexity, making it very hard to secure," Burg says.

Burg says while there is a lot of pressure on retailers to alert consumers, regulatory and law enforcement authorities quickly, often there are delays because criminals work hard to cover their tracks.

"It's very hard to figure out what happened, how it happened and what the impact was," he says.

Tom Kellermann, a managing director at Alvarez & Marsal, a professional services firm, says the latest round of attacks indicate that even companies that invest heavily in sophisticated security systems are seeing new vulnerabilities from new sources — namely, rogue hackers who are buying readily available software tools on the black market.

"There's a massive consulting- and software-based industry that supports the shadow economy that makes it far easier for people who are not sophisticated to leverage these types of attacks," Kellermann says.

Kellermann says organized crime syndicates — especially in Eastern Europe — not only make money selling the malware but also use the hackers' channels to their own ends. They prod at a company's network, often hanging out for months undetected, and then plan their attack.

"From someone who has investigated major breaches in the past, I am suggesting that this campaign in particular definitely went on for months," he says.

The loss to consumers is often time spent getting reimbursement from their credit card companies. But for the retailers, Kellermann says the loss is "incalculable."

It costs about $200 per lost record to cover legal expenses and fines. In addition, as Target recently saw, a retailer's reputation takes a hit, and its stock can fall.

Doug Johnson, who oversees risk management policy for the American Bankers Association, says banks sustain losses as well. He says forensic investigations — as the FBI and Secret Service are conducting now on the Target and Neiman Marcus breaches — take a lot of time. In the end, it's often difficult to prove where the data leaked, and so banks often end up holding the bag.

"[Because] it's the financial institution that reimburses the customer for that fraud," Johnson says.

Target CEO Gregg Steinhafel apologized to customers on CNBC on Monday, saying Target would pay for credit monitoring and vowing to make things right for the consumers.

Copyright 2014 NPR. To see more, visit


A Glimpse Of Listeners' #NPRpoetry — From The Punny To The Profound

It was a simple idea: Would you, our listeners, tweet us poems for National Poetry Month? Your response contained multitudes — haiku, lyrics, even one 8-year-old's ode to her dad's bald spot.
WAMU 88.5

Eating Insects: The Argument For Adding Bugs To Our Diet

Some say eating insects could save the planet, as we face the potential for global food and protein shortages. It's a common practice in many parts of the world, but what would it take to make bugs more appetizing to the masses here in the U.S.? Does it even make sense to try? A look at the arguments for and against the practice known as entomophagy, and the cultural and environmental issues involved.

WAMU 88.5

A Federal Official Shakes Up Metro's Board

After another smoke incident and ongoing single tracking delays for fixes, U.S. Secretary of Transportation Anthony Foxx announced a shake-up of Metro's board.


'The Guardian' Launches New Series Examining Online Abuse

A video was released this week where female sports journalists were read abusive online comments to their face. It's an issue that reaches far beyond that group, and The Guardian is taking it on in a series called "The Web We Want." NPR's Audie Cornish speaks with series editor Becky Gardiner and writer Nesrine Malik, who receives a lot of online abuse.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.