The bill would ban businesses from storing sensitive payment data for any longer than required, even if it is encrypted.
An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.
The group being implicated has stolen over 160 million card numbers over the years by hacking organizations, including Heartland Payment Systems, Visa and 7-Eleven.
Banks impacted by the Target data breach have banded together to file a class-action against the retail giant, as well as against security firm Trustwave.
After claiming it saw no evidence that payment card data was taken in a breach, the chain now says fewer than 25,000 records were "illegally accessed."
Prior to its massive breach, Target seems not to have responded to multiple alerts from security company FireEye involving suspicious activity on the retailer's network.
An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.
In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.
The malware is based on the leaked code of Zeus and RAM-scraping malware.
The associations will explore options for improved information sharing and implementation of card security technology.
Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.
Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.
White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.
A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.
Stolen vendor credentials are what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.
After Target and Neiman Marcus, Michaels Stores is the next in a line of U.S. retailers to reveal that it is investigating a possible security breach that may have resulted in the compromise of customer payment cards.
Researchers at Barracuda Labs discovered that the toy and game website was infected.
On Wednesday, the retailer's CEO Karen Katz announced that malware on its payment systems may have impacted more than one million cards.
IntelCrawler concluded on Sunday that 23-year-old Rinat Shibaev - not 17-year-old Sergey Taraspov, as the company previously reported - is the writer of the malware that infected Target's point-of-sale systems.
At the border of U.S. and Mexico, two individuals were arrested in connection with the late-2013 Target breach.
The attack on Neiman Marcus point-of-sale systems dates back to July 2013 and the threat was not completely mitigated until Sunday, unnamed people briefed on the retailer's investigation told the New York Times.
The operation that likely led to the infection of Target's point-of-sale systems is known as KAPTOXA, according to a release by iSIGHT Partners.
Researchers with cyber intelligence company IntelCrawler have identified a new point-of-sale (POS) malware, known as 'Decebal,' available for purchase on underground forums.
The refund was agreed upon under a Federal Trade Commission (FTC) settlement.
Malware found on the payment systems of Neiman Marcus led to the compromise of card data for an undisclosed number of shoppers, but PIN data is not at risk because the retailer does not use PIN pads in its stores.
A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.
High-end retailer Neiman Marcus is now added to the list of major retailers confirming credit card breaches.
Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards and other personal information.
On Thursday, the online retailer began accepting the popular digital currency.
In addition to an earlier revelation that 40M cards were pilfered, the PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.
A group of individuals communicating in underground forums are attempting to decrypt a 50GB dump of Triple DES encrypted PIN numbers believed to have been acquired in the massive 2013 attack on retail giant Target.
Due to the glitch, some travelers were able to purchase $400 flights for $48 or less.
Three senators have asked that a congressional hearing on consumer data security be held as soon as possible.
The Briar Group confirmed that its systems were breached between October and November.
A payment processor that handles transactions for Target denied being impacted in an attack on the retail giant's point-of-sale devices.
According to a UK researcher, eBay's site has remained vulnerable to cross-site request forgery (CSRF) attacks for several months.
Credit and debit cards and CVV codes stolen by hackers in the holiday Target breach have begun showing up in underground marketplaces.
Retail giant Target has yet to announce exactly how attackers compromised its point-of-sale devices, but researchers and security experts have already begun weighing in on the implications of such a colossal breach.
The retailer announced that it had become the target of a more than two-week-long attack that may have compromised 40 million credit and debit cards.
The malware, dubbed "ISN," is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, Trustwave found.
The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.
The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
On Wednesday morning, the website showcased items, normally priced for hundreds of dollars, at around $10 to $20.
So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.
"The 2013 eCommerce Cyber Crime Report" weighed the business loss incurred by holiday cyber attacks.
Fraudsters boldly entered the store to plant skimming devices.
According to a federal judge in Illinois, the plaintiffs failed to demonstrate loss or injury as a result of increased risk of identity theft, invasion of privacy and other claims.
The case hinges on a 2012 breach where the live video feeds of nearly 700 web-connected cameras were made available online.
Liberty Mutual, the insurer for St. Louis-based Schnucks, said the supermarket chain's general liability policy wasn't designed to absorb costs associated with data breach lawsuits and related claims.
The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.
US Airways reported Aug. 2 that an unauthorized user gained access to a small number of Dividend Miles accounts. It was the second reported breach in under a month for the airline.
A programming error experienced by the payroll vendor for US Airways may have allowed employees to see wage information belonging to their colleagues.
Mapco Express suffered a credit card breach in March and April after hackers infected its systems with malware.
Customers that used their credit and debit cards during the month of February may have had their data exposed.
More than half of C-level executives surveyed in large Canadian companies do not educate employees about data security, storage and destruction.
Between June and July, the U.S. Food and Drug Administration shut down 1,677 pharmacies it says were operating illegally.
Technological vulnerability and valuable data make retailers the latest target for malware attacks, says Jenny Craig CIO Abe Lietz. Karen Epper Hoffman investigates.
The supermarket chain, which has more than 120 stores, primarily in California, was targeted by online intruders.
Adrian-Tiberiu Oprea, a Romanian man, admitted that he helped steal payment card data from hundreds of U.S.-based point-of-sale (POS) systems at the sandwich chain.
Mapco disclosed this week that hackers compromised its payment card processing systems to steal credit and debit card information belonging to an unknown number of customers.
The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.
The trojan was recently a topic of discussion on an underground Russian forum, researchers found.
The Payment Card Industry Security Standards Council (PCI SSC) released recommendations for card data security and compliance in cloud environments.
How can we provide the customers with outstanding customer support to complement our products?
Zaxby's, a Georgia-based restaurant chain, said the credit and debit card information of customers at locations in 10 states may have been accessed by fraudsters.
Cezar Butu received the penalty after admitting that he helped infiltrate the credit card processing systems of more than 150 Subway restaurants in 2011.
The PCI Security Standards Council, the body that manages payment security industry guidelines, on Friday released a methodology for meeting a risk management requirement included in the standard.
Less than two weeks after the book giant revealed that PIN pads at dozens of its stores were compromised, four victims have filed lawsuits, alleging the company failed to properly protect their data and notify them in a reasonable timeframe.
EMC has acquired Menlo Park, Calif.-based online fraud detection provider Silver Tail Systems. Silver Tail, which offers "real-time web session and behavioral analysis" for banking, e-commerce and government customers, will operate as part of RSA, EMC's security division.
Fraudsters tampered with the point-of-sale devices at a number of locations to steal customers' debit and credit card information.
Two men each have been sentenced to 36 months in prison for withdrawing tens of thousands of dollars from ATMs with credit card information that was stolen from craft-store retail chain Michaels Stores.
The Federal Trade Commission is alleging that the hotel chain failed to implement basic security practices, which led to a number of costly data-leakage incidents.
A 21-year-old Dutch man is accused of accessing the point-of-sale terminals of restaurants and other businesses to steal credit card numbers, which he and a co-conspirator then sold in underground forums.
The body that manages debit and credit card security standards on Wednesday released best practices for retailers wishing to accept payments via mobile devices.
A group of six has been charged in the latest scam to defraud bank customers through the use of skimming devices, a trend that has seen a noticeable uptick in arrests and prosecutions over the past year.
A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
A 33-year-old Maryland man on Friday was sentenced to 5 1/2 years in prison for participating in an identity theft and credit card skimming scheme, according to the U.S. attorney's office in Alexandria, Va.
Trustwave's annual review of its data breach response investigations concluded that franchises are now the prime target for hackers seeking customer data, such as credit card numbers.
The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
Hackers breached a server belonging to online retailer Zappos and made off with the personal information of 24 million customers, though no credit card numbers were involved.
Hackers breached the systems of New York-based food services wholesaler Restaurant Depot, and stole hundreds of thousands of credit and debit card numbers.
Studies show that online consumers are concerned about security and privacy. That means web retailers must ensure they are taking all the steps necessary to ensure a safe and transparent shopping experience.
The defendants allegedly compromised the credit card data of 80,000 customers and made millions of dollars in unauthorized purchases.
As of Monday, at least 80 people were victimized by credit and debit card readers being tampered with.
Proper DNS management by organizations is critical to protecting against threats and staying online during the busy holiday months.
Sony's PlayStation Network again has been hit by hackers, but the limited damage that resulted could point to strides being made by the electronics giant.
Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
The organized structure of a huge identity theft operation, based in New York, allowed members to make millions in profits.
Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
Much-maligned Sony announced Tuesday that it has hired a former U.S. cybersecurity official to serve as its first-ever chief information security officer. Philip Reitinger, 49, the former director of the National Cybersecurity Center at the U.S. Department of Homeland Security since June 2009, who tendered his resignation in May, will be tasked with assuring the protection of the multibillion dollar company's assets and services. It's been a tough year for Sony, which has experienced multiple breaches, most notably the compromise of its PlayStation Network and Qriocity services, which resulted in the exposure of the personal details of tens of millions of users. Reitinger has been in the private sector before, where he held the role of security strategist at Microsoft.
Fallout continues, and new corporate victims come to light after the massive breach of an email marketing services provider.
A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.
A growing list of companies, including Capital One, U.S. Bank, Citigroup and JPMorgan Chase, are notifying customers that their email addresses were stolen by hackers.
For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
Mobile payment service startup Square has refuted claims made by a competitor that its card reader could easily be turned into a skimmer capable of stealing financial and personal information.
eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.
The PCI Data Security Standard assessment process must change, or the payment industry faces an ethical bind.
The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.