Newsroom

KrebsOnSecurity has reported that a previously confidential report on Target's security system reveals that the corporation had no controls to prevent hackers – once inside the system – from gaining access to every point-of-sale register and server.

Target hired Verizon security experts in 2013, after the company's massive data breach, to investigate its security weaknesses. The report, which Krebs obtained last week, said there were "no controls limiting … access to any system, including devices within stores such as point of sale (POS) registers and servers."

Krebs noted that the report's findings bolster a theory that Target's breach originated from the company's work with Fazio Mechanical, a small heating and air conditioning company in Pennsylvania which had recently suffered a data breach.

In related news, the five financial institutions suing Target in response to its data breach were certified as a class by a Minnesota federal district court judge last week.

Class action status will allow other financial institutions to join the case.

NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt welcomed the court's decision. "As we have consistently maintained, credit unions deserve to be made whole for their losses, and this includes the opportunity to pursue all legal options available."

NAFCU continues to monitor the case closely, and to push lawmakers to pass a national data security measure requiring retailers to be held to the same standards that financial institutions already follow.