Montgomery law firm says retailer security breach 'tip of the ic - WSFA.com: News Weather and Sports for Montgomery, AL.

Montgomery law firm says retailer security breach 'tip of the iceberg'

Posted: Updated:
MONTGOMERY, AL (WSFA) -

It may be just the beginning - experts warn the massive security breach at Target may impact more stores. Not only were other retailers likely hacked, the information that was stolen continues to make its way into the wrong hands.

A police chief in South Texas says it looks like the account information stolen from Target last month is being divided up and sold off regionally. The McAllen, Texas police chief made the comment following the arrest of two Mexican citizens who arrived at the border with 96 phony credit cards. He says the pair used the cards to buy tens of thousands of dollars worth of merchandise at area stores, including Best Buy, Wal-Mart and Toys R Us.

A federal official later discounted the police chief's statements saying there is no connection between the arrests and the retailer's credit card data theft.  Texas police and federal agents are working together to determine how the men got the information to make the fake cards.

Target was first - a cyber attack that compromised the credit card numbers and other personal information of up to 110 million customers.

Then, Neiman Marcus admitted that its data systems had been hacked.

Now, a new report from the cyber watch group IntelCrawler suggests at least six more retailers have yet to tell customers they've been breached with the same malware attacking their online credit card processing.

"Once it's identified, then the security community can rally around it and put controls in place. But the problem is, the hackers know that. So they manipulate or mutate this malware, and then re-use it," said Ken Stasiak, CEO of SecureState. "it was put up on the internet for download for other hackers to then take, and potentially use it for malicious harm. And that's what we believe happened to Target as well as Neiman Marcus.

Jere Beasley, whose Montgomery law firm has filed two class action lawsuits against Target, says it's just the beginning.

"I don't think we've seen the end of this. In fact, I think we've really only seen the tip of the iceberg. We believe that there will be other huge retailers. The losers here are the American people, the consumers," Beasley said.

Beasley says legislation introduced in the U.S. Senate this week appears to provide consumer protections in the event of security breaches like the recent Target data theft, but actually undermines their right to justice through the court system. The Data Security Act of 2014 was introduced Jan. 15 by Sens. Tom Carper (D.-Del.) and Roy Blount (R-Mo.).

"This legislation is designed, really, to hurt consumers. It prohibits, for example, private lawsuits. It prohibits class actions. It says you cannot sue under state law, even though the credit card companies and the hackers and everybody else may be violating state law. This act says specifically that you- a victim- cannot file a lawsuit under state law and that is absolutely mind boggling," Beasley told WSFA. "When you consider that you have a monumental, devastating problem facing the American people, anybody who has a credit card, and to put legislation into the hopper that protects the very people who are the wrong-doers makes no sense."

The bill would establish a national standard for data breach notification, and require American businesses that collect and store consumers' sensitive personal information to safeguard that information from cyber threats. While that sounds reasonable, the bill actually protects the retailers, Beasley said.

If a huge retailer complies with the Act it would be immune from liability for any wrongdoing. It also appears that banks, card companies and other financial institutions are not covered by the act, the law firm said in a press release.

"The Federal Trade Commission and Congress have a direct responsibility to change our system and until they do, we're open season in this country,"  he added.

A cyber security firm who identified a Russian teen as the one responsible for the malware used in the security breaches has released an updated report saying another author crafted the code, through the firm still accused the teen of playing a role in the breach.

The teen has fought back against the accusations in different Russian media outlets, saying he does not have the education needed to create the virus and that he only writes code for personal use.

Copyright 2014 WSFA 12 News.  All rights reserved.

Powered by WorldNow