Many of us who learned about the recent data breach at Target greeted the news with an annoyed sigh, rather than a panicked shriek. That’s because we’ve become all-too-familiar with the consequences of our cyber lives. Whether it’s the National Security Agency vacuuming up our conversations via phone and email, companies collating and exploiting our shopping choices and browsing habits, or criminals seeking a crack in a firewall, we who have accepted the conveniences of the Internet have also accepted its imperfections.
Yes, there are more than a few neo-Luddites out there who refuse to step into the 21st century and avoid the World Wide Web like the plague. But the reality is, for many of us, our online identities have come to define how we interact with our banks, our favorite merchants and even with each other.
We’re not here to bemoan the loss of connection between human beings caused by technology, because in some ways, it has actually increased connections, though perhaps not face to face.
But what technology has done is made us more vulnerable to those who might use our personal data for their own gain.
Case in point: The recent news that credit and debit card information of 40 million customers of Target stores was obtained by what appears to be the use of malware downloaded by an employee.
"The scope of the Target theft -- and the fact that it hit during the busiest shopping season -- means it was probably the work of organized cyber criminals who had planned for it well in advance," noted Time Magazine’s Victor Luckerson. "Instead of trying to use the credit card data themselves to buy things, they’re likely to sell the data on underground forums, experts say, perhaps for a few dollars per card."
Target said the breach occurred between Nov. 27 and Dec. 15, a period that included Black Friday. Target is receiving criticism for its failure to recognize the breach for nearly two-and-a-half weeks.
"How do you get 40 million credit cards and no one knows about it?" Ken Stasiak, chief executive of SecureState, told the Los Angeles Times. "That’s a hell of a lot of credit cards. There should have been someone inside the company who spotted this much sooner."
The Los Angeles Times noted that the breach could cost consumers $4.1 billion, almost all from potential debit card losses, and victims collectively could spend as many as 131 million hours getting their accounts in order.
While the news of the data breach has been met with consternation, many of us shrugged out shoulders because this isn’t the first time it’s happened.
"In 2007, cybercriminals broke into the computer system of TJX Cos. and stole up to 94 million customer credit and debit card numbers," noted the Boston Globe. "TJX operates TJ Maxx and Marshall’s stores. That breach was estimated to have cost the Framingham, Mass., company about $200 million."
And just this summer, a ring of Russian and Ukrainian hackers stole 160 million credit card numbers -- targeting retailers such as JCPenney and 7-Eleven -- over several years and used the data to steal millions of dollars.
Earlier this year, a local business had happen to it what happened to Target. Data was stolen from its point-of-sale system and many people had to cancel their cards and order new ones. Fortunately, local consumers understood the merchant was just as much a victim as its customers were and didn’t punish it by refusing to do business there.
As the Globe noted, businesses have spent millions to protect sensitive data in recent years, but malicious software has grown more complex as underground syndicates trade secrets and sell the software needed to execute attacks.
One reason sophisticated malware can grab so much data is the habit of major businesses to gather and analyze information about customer demographics and buying habits in a strategy known as data mining, noted the Los Angeles Time.
"Personal data is king to merchants, to retailers, to banks, to the NSA and to organized-crime groups all over the world," said Mark Rasch, an attorney and expert in computer security in Bethesda, Md.
With that knowledge, it is upon all our shoulders to protect our data the best we can. But we all know there is only so much we can do if we choose to partake of modern technology. Unless we are willing to take a step back and only use cash or checks, we are locked into a system with inherent vulnerabilities that the less-than-savory can take advantage of.
So if you used your cards at Target during that time period, it might behoove you to keep an eye on your account or if you are really concerned, cancel your cards and order new ones with a new pin number.
You should also notify your credit card company and bank, even if your statements look copacetic.
It is also suggested that those who worry their cards have been compromised should contact one of the three major credit reporting agencies: TransUnion, Experian, or Equifax.
"It doesn’t matter which one, as each is required to inform the other two of potential identity theft," noted The Guardian. "By calling them, you will place an 90 day fraud alert on your report. This alert will make it harder for anyone to open new accounts using your information."
But consumers aren’t likely to change their habits any time soon, noted the Los Angeles Times.
Phil Schneider said he doesn’t plan to shop at Target any less often. He told the Los Angeles Times if there’s evidence of spending that isn’t his, he said he’s sure Target "will make good on it."
"I don’t blame anybody, but I’m shaking my head," he said. "Target’s not some fly-by-night company -- they’re a good firm."
Data breaches are also a sign that merchants need to change their way of thinking and of doing business.
"People who run companies are not aware that they’ve actually become software companies," Barbara Endicott-Popovsky, who directs the Center for Information Assurance and Cybersecurity at the University of Washington’s Information School, told Time Magazine. "We’re headed toward the Internet of things, where we have embedded software in every product. What we’ve done is open up a whole host of vulnerabilities."
With that said, and for fear of sounding flippant, have a Merry Christmas.