Target CEO promises cybersecurity education of the masses

Target CEO promises cybersecurity education of the masses

Summary: Oh, the irony.

SHARE:
TOPICS: Security
9
Screen Shot 2014-01-14 at 10.47.32
Credit: Target

Target CEO Gregg Steinhafel has promised to fix the damage caused by a major data breach, and attempts to recover its reputation by the creation of a coalition aimed at improving understanding of consumer-based scams.

In an open letter posted at A Bullseye View, the chief executive wrote that after the firm's data breach took place in December, an investigation -- which is ongoing -- revealed the private information of customers was stolen; including names, credit and debit card information, addresses, phone numbers and email addresses.

Up to 70 million people were affected.

Steinhafel wrote:

"I know this breach has had a real impact on you, creating a great deal of confusion and frustration. I share those feelings. You expect more from us and deserve better.

We didn’t live up to that responsibility, and I am truly sorry."

In order to try and salvage the firm's reputation, the CEO said Target is taking 'active steps' to make sure the security failure does not reoccur, and so the following changes have been made:

1. Closed the access point that the criminals used and removed the malware they left behind.

2. Hired a team of data security experts to investigate how this happened. That effort is ongoing and we are working closely with law enforcement.

3. Communicated that our guests will have zero liability for any fraudulent charges arising from the breach.

4. Offered one year of free credit monitoring and identity theft protection to all Target guests so you can have peace of mind.

In addition, Target's CEO says that the company will soon announce a coalition to "educate the public on the dangers of consumer scams." The company will also "accelerate the conversation–among customers, retailers, the financial community, regulators and others–on adopting newer, more secure technologies that protect consumers," although no details on how this will be achieved have been disclosed.

Point-of-sale systems are vulnerable to cyberattack, and the educational drive is nothing if not ironic. The problem is while consumers can be savvy enough to ignore phishing scams and not download malicious software, there is little we can do if a company responsible for so many customers suffers a data breach.

Education might be useful for the average consumer, but personally I would have liked to see the investment that will go into the drive -- prompted no doubt by panicking PR-types to thrust Target back in to the public spotlight in a position manner -- instead used to boost their security teams and security-software development, a factor sadly lacking on the list of changes.

What is the point of hiring data security experts to investigate the breach without hiring to bolster your own defenses, which appear to be sadly lacking?

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • The point is

    Well there is no point. Everyone likes positive quick actions. Dealing with the long term problem is boring and does not make headlines.

    The goal of security is so nothing will happen. Spending money for nothingness is hard to justify. The next question is which large retailer will be next.
    MichaelInMA
  • Maybe Target is the scam

    I mean, this retailer has just been responsible for one of the biggest data breaches in the history of the world.

    It just let the personal details of millions of its customers get into the hands of criminals. Your credit card details. Your address. Your personal details. Now with criminals, who are about to put that information to use.

    Now Target says it will "educate the public on the dangers of consumer scams." Maybe Target needs to first educate its customers about the dangers of shopping at Target.
    Vbitrate
    • Oh, and one more thing

      That CEO of Target...

      His photograph is at the top of this article. This is the guy who must be held responsible, featured here with his Mona Lisa smirk. Doesn't he make you see red?
      Vbitrate
  • 'educate the public on the dangers of consumer scams'

    wow.
    how nice of Target.
    someone tell that guy that a 'consumer scam' was not what occurred.
    BitBanger_USA
  • Education of consumer based scams

    Way to go deflecting the problem here. Target customers information was hacked from your computer systems. They did not get it because an employee hit a download app button. You failed to protect your customers identities. Let's stay on topic Target.
    fdhealy4
  • Breach costs staggering

    They say that the cost to companies who suffer a breach like this is about $42 per customer account...at 110 million customer acccounts that looks like it'll set Target back a few billion dollars......
    Kia Ora IV
  • I wonder what technologies were not approved which would have avoided this

    I have gone through this many times with DR/BC planning. This would be the 5th plan I have drafted and the 5th one declined because "things are stable now, right?"

    'One poster above made a great point. "Spending money for nothingness is hard to justify". Yes, it is called Insurance in some circles. The only difference is, are we mandated by government to carry it or is it voluntary and being a good corporate citizen. I don't have any facts on this case but it will be interesting to see what technologies, solutions, consultancies, etc. that were turned down in the budgeting process due to cost before this became a problem. Perhaps all of their posturing is to hide this fact.
    djmik
  • No real solution offered!!!

    Hire a real IT staff to secure your systems; not just to investigate what and how it happened. Your systems were vulnerable and a weakness was exploited. This is outlandish how many data breaches have to occur here in the United States before businesses and the like get serious about data protection. The era we live in demands that you get some real security or go out of business; If you can not protect people information why should you say in business. Data security, privacy, and protection is big business. It is down right vital!!!
    Kerensz
    • my typo

      "Why should you stay in business"
      Kerensz