To answer my question – no, but it sure seems like it. If you live here, as I do, and you see two of the biggest locally headquartered retail giants take a tumble like this, it is easy to become paranoid. But these kinds of breaches are happening everywhere this year. Major national and regional retail chains (Goodwill, Neiman Marcus, Jimmy Johns, Michaels, etc.) get all the press because of their size and the sensational nature of the crime, but a little liquor chain in Texas was similarly attacked, although the perpetrators appear to have been local in that case.
It sure would be great if the many cybersecurity professionals who are working on recovering from these breaches would find a solution that would do a better job of keeping the bad guys out. But as we discover in almost all these cases, the breach was started when one employee, contractor, or vendor fell for a phishing email and gave their user credentials away on a good looking but fake web site of some sort. It is very hard to defend against stupid.
So as a consumer who uses Visa or Master debit, bank, or credit cards, what can you do? Well, you can’t be changing your card number every time another one of these rolls down the pike. And for the most part, if your card starts getting spurious charges, the card companies will tell you and switch out your card automatically. The one you want to keep an eye on are banking check cards and debit cards, because your losses on those kinds of cards may not be covered.
And while you are at it, when at your job, please don’t fall for a phishing email that could open YOUR company up for this type of attack. Learn what to look for, and develop some serious skepticism about emails that seem odd. Do not click through on the provided link to the fake website. Do not give up your user ID and password just because someone official sounding asks you to do so. Try not to be the wonderful, trusting, giving person you are when working online with anonymous strangers.
Between the time I wrote this, last week, and today, we are seeing articles even in the local Sunday paper about how as many as 1,000 more companies are experiencing POS (point of sale system) breaches using the BackOff malware. These numbers are coming from the US Secret Service. For those of us who are using plastic as payment, you have a couple of options. The first one is switch to cash. Cash is still impossible to hack, and when you lose your cash you don’t lose your identity as well. The second option is to switch over from bank and checking cards to credit cards that fully protect you from financial loss. If you are using a checking card from your bank, call and ask them how you are protected in the event your card number is stolen.
The odds are your credit card number will be stolen sometime this year. Get used to it, we are a ways away from a good solution, such as the chip and pin cards they have been using in Europe for a decade. Looks like these might not be as secure as we hoped either.
ShareAUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com