SB0614 – Newberry in the Senate Data Breach
The Issue
In recent years breaches in data security have become common place. When breaches occur, a consumer’s personal and financial information are put at risk. Cyber criminals most frequently target retailers that make a practice of storing a customer’s credit card information beyond the necessary time frame and in many cases do have in the place appropriate security protocols.
These lapses in security not only place consumers at risk but also result in considerable costs to financial institutions that are forced to issue replacement debit and credit cards, make adjustments to members’ account information and assorted other tasks to ensure the safety of financial information.
Even though
…show more content…
A violation of this act that results in injury or loss to residents of this state or to a financial institution may be enforced by the Attorney General or a district attorney in the same manner as an unlawful practice under the Oklahoma Consumer Protection Act.
The Attorney General or district attorney may enforce under the Oklahoma Consumer Protection Act.
The Attorney General or district attorney may consider costs incurred by the financial institution including:
1. The cancellation and reissuance of a credit card or debit card affected by the breach;
2. The closing of an account affected by the breach and any action to stop payment or block a transaction;
3. The opening or reopening of an account affected by the breach;
4. A refund or credit made to an account holder to cover the cost of any unauthorized transaction related to the breach;
5. The notification of account holders affected by the
Modern day technology has changed the ways in which people purchase products and services. In the twenty-first century, all business has pretty much converted over to the electronic payment systems. One swipe of a credit card and immediately the data transmits through a gateway onto the payee 's bank processing link. However, during the disbursement of data is when more than forty-three million people’s debt or credit card information becomes promised. May of these computer programs assume the title of Hackers. A hacker is one who installs malicious software onto individuals compter’s or computers networks. In hopes of gaining unauthorized access to sensitive information on the victim 's computer.
During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.
In December of 2013, target corporation faced a serious security breach where over 40 million credit cards were stolen from different target stores. This paper is going to explore the problem, the background information about the problem, the controls that could have been in place to prevent the issue, the intended plan of control and the associated risks involved.
During the dates of November 27 through December 2013, the department store Target experienced a data breach in which approximately 40 million customers credit and debit cards were exposed. During this breach, customer’s personal information may have also been exposed for use of possible fraud. January 2014, Target
On December 18, 2013, one of the security bloggers, Brian Krebs, posted in his blog that Target, one of the biggest US retailers, had suffered a massive data breach. The next day, Target announced that data from more than 40 million credit and debit card accounts had been stolen from its systems, and noting that they started a thorough investigation. Perhaps learning from Target’s mistakes, other organizations could achieve a goal of better protecting themselves and their customers’ information.
An unauthorized and highly sophisticated malware that not been encountered previously by any security company attacked the point-of-sale systems where all the card information is stored. The outcome of this hacking been extensive and affected millions of customer’s personal and payment data was exposed, results in the payment card compromise of three million customers.
The intriguing thing about the TJX escapade is that TJX lost the Visa information of 96 million buyers (around 29 million MasterCard casualties and 65 million Visa casualties). The expense, all things considered, had to be taken care of by the guarantors of the charge cards. From a business point of view, the scandal shows up not to have unfavorably influenced TJX. It may matter to clients who turned into the casualties of character extortion and the banks who need to cover the false utilization of charge card numbers, yet it has not influenced TJX. Since TJX lost claims by banks, it seems to have affirmed the of held (but deceptive) conviction that defensive measures are unimportant, and that the insignificant sum ought to be spent on them.
In January 2007, TJX Companies Inc. released a statement to the press that an estimated 40 million of their customer’s credit card accounts had been compromised (although final reports state that over 94 million accounts were affected) (Berg 2008). Through the company’s POS (Point of Sales) system, credit card information was stolen by a ring of hackers and approximately $4.5 billion spent on these cards (Berg 2008). What the hackers did was intercepted the credit card information from customers who swiped their cards at the store and then created their own physical cards using this information. Then they sold the credit cards to people, who turned around and used these cards at retail stores, like Walmart (Agrawal 2011). Three areas of weakness within the company’s IT systems that allowed for an attack of this scale were: inadequate wireless security, improper storage of customer data and failure to encrypt customer account data (Berg 2008).
Michael’s Store, Inc. is an arts & crafts Retail chain. It has more than 1040 stores located in 49 US states & Canada. The company also owns and operates the Aaron brother’s retail chain, which happens to have an additional 115 stores across the Country. Michael’s store Inc. had a Security breach, which took place between May 8, 2013 and January 27, 2014. About 2.6 million cards or about 7 percent of payment cards used at its stores during the period were affected. Alarmingly, its subsidiary Aaron brothers also had been breached between June 26, 2013 and February 27, 2014. It was reported that Aaron brothers had 400,000 cards impacted. The duration of the treacherous attack in total was 8 months (Schwartz, 2014). In this report, security breach of Michael’s store Inc. is analyzed. The topics covered are how the breach occurred, what did the authorities do to educate the customers & how in future such attacks can be avoided.
On September 8, 2015, it was discovered that a Patriot Financial Services (PFS) employee, whom provided customer support services to clients, had stolen personal financial data from approximately 50K of their customers. The data stolen by this employee was comprised of personal customer information including full names, home addresses, social security numbers, contact numbers, bank account numbers, driver 's license numbers, birth dates, email addresses, mother 's maiden names, pin’s and account balances. The suspect employee then proceeded to leak out this
In regards to the attack "at this point is best directed to Target." An expert with a global firm that assist companies responding to and mitigating breaches he said while he could not address the Target situation specifically, most companies — large and small — are generally under-prepared when they are faced with a breach. The most important thing is that the attack or breach be addressed quickly, to assist with getting information out to those whom are affected and to regulators, to bring in the right experts to address the breach (such as forensics experts who can stop cyberattacks) and to help preserve the public's trust in the
On January 2007 a press release was issued according to CPA journal article “Analyzing the TJ Maxx Data Security Fiasco” that TJX Companies, Inc. the parent company to retail stores like TJ Maxx, Marshalls, HomeGoods, and A.J Wright stores; computer systems had been breached and that customers’ information had been stolen. (Berg, G. 2008, August) This data breach became the largest one of it’s kind because during the investigation there was reported that approximately 94 million Visa and MasterCard accounts had been compromised (Berg, G. 2008, August).
For example, when a bank customer calls the bank about the situation the bank customer lose productivity because the might have to take time off from work. Additionally, the bank customer has to tell the bank about how the attack happened and fill in paperwork. The estimated losses in productivity are between $1 and $10,000. Productivity can be the only loss for the bank customer but if a bank customer chooses to sue the bank there will be additional losses because of lawyer fees. The estimated losses for fine and judgments are between $0 and $10,000. However, the most likely estimated loss is at $0 because most bank customers are satisfied enough with getting reimbursed their losses.
Before credit and debit cards were developed, merchants would issue a line of credit to customers who did not have the funds to purchase their items. This credit processed involved using a ledger to record the amount owed for the items purchased. In today’s vastly growing economy, credit and debit card use plays an ever-present role in society. “Credit and debit card acceptance enables merchants to sell goods and services to customers who increasingly choose electronic forms of payment over other payment types” (“Payments 101”, 2010). Everything from purchasing house hold items such as grocery’s and furniture, to minimal tasks such as paying for parking for an hour, credit and debit cards provide people with more freedom when it comes to having access to funds and making purchases. Along with the rise of credit and debit cards, in a computerized and technological world where information is valuable, securing credit card information has its challenges. Validation and encryption are important practices that ensure the security of debit and credit cards, and they play a key role in providing the customer with assurance that their funds and bank information is confidential and secure. This paper will begin by explaining how credit and debit transactions take place and will go into further detail about the security, validation, and encryption processes that take place throughout the transaction. For the purpose of this paper the term credit cards will refer to both credit and