Target stores' IT security breach - some details


DJofSD
02-12-2014, 06:58 PM
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

In a statement (PDF) issued last week, Fazio said it was “the victim of a sophisticated cyber attack operation,” and further that “our IT system and security measures are in full compliance with industry practices.”

Translation: the bad guys are smarter than we are.

"... full compliance with industry practices" is a fig leaf and a huge joke.

Longshot6977
02-13-2014, 06:50 PM
Isn't social engineering wonderful :bang:

DJofSD
03-13-2014, 09:39 AM
http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#r=read

Alarms ignored.

Does not look good for Target.

Robert Goren
03-13-2014, 10:16 AM
The one thing that keeps showing up is that Target didn't want to spend any money on internet security. Sadly they are not alone. It is not only corporations like Target. How many times have we seen a poster here who is in trouble because they went cheap while putting thousands and maybe 10 thousand dollars of information at risk? People are still risking their irreplaceable files on out-of-date machines with unsupported OSs and very often without backup, let alone off-site backup.

DJofSD
03-13-2014, 10:23 AM
The one thing that keeps showing up is that Target didn't want to spend any money on internet security. Sadly they are not alone. It is not only corporations like Target. How many times have we seen a poster here who is in trouble because they went cheap while putting thousands and maybe 10 thousand dollars of information at risk? People are still risking their irreplaceable files on out-of-date machines with unsupported OSs and very often without backup, let alone off-site backup.
Really?

First of all, did you read this from the article at the link:
It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.


I do not agree with your leap that the average Joe-blow PC user's ignorance and lack of awareness and Target's failure are the same thing. There's a big difference between being ignorant and stupid.

Robert Goren
03-13-2014, 11:01 AM
I read both articles, including the part about running a free version of a popular anti-virus. While I agree that there is a lot of difference between being ignorant and stupid, the punishment is the same. Target is in the same boat as a lot of other retailers. The pressure to cut costs is enormous. So is the pressure not to let security interfere with sales. Why do you think they did nothing when warned about the possible threat? It had to be because to do something was going to cost them some business heading into the holiday season. Nothing else makes sense. They made a high-stakes, ill-conceived gamble and lost. But it is not like companies aren't taking similar risks every day for the same reasons. So are the Joe Blow average computer users. It all boils down to money that nobody wants to spend.

JustRalph
03-13-2014, 03:27 PM
The one thing that keeps showing up is that Target didn't want to spend any money on internet security. Sadly they are not alone. It is not only corporations like Target. How many times have we seen a poster here who is in trouble because they went cheap while putting thousands and maybe 10 thousand dollars of information at risk? People are still risking their irreplaceable files on out-of-date machines with unsupported OSs and very often without backup, let alone off-site backup.

How's the weather up there on your high horse?