Target was the target of a very sophisticated cyber attack before Christmas. They got credit and debit card information from Target’s customer base during the busiest shopping days of the year.
Target immediately informed their customers that their information might have been stolen and put out a series of informational emails and announcements about the cyber attack. The information release and working with their customers is an ongoing effort as they released a new announcement today that apparently the attack got more customers information than was first indicated.
In addition to being immediately upfront about the cyber attack, Target has offered all of their customers free credit monitoring for a year to insure that they can help their customers – known as “guests” to Target Team Members – mitigate any possible damage to their credit.
We’re sure this mess isn’t over, and we’re also sure that Target will stay on top of the situation, keep their customers informed, and work hard to help any customers who’ve been damaged by this breech.
Here’s the latest report.
Let’s take a moment and compare the response of Target to the response of the Obama administration with respect to possible data breaches in the ObamaCare system.
Keep in mind that Target has a very mature and secure network. It’s been around for years, they have a very professional IT group who’ve built the system, and they’ve never had any major data breaches.
The ObamaCare system, on the other hand, was designed in a patchwork by unconnected groups of people, the overall management of the system architecture and code was a complete fustercluck and is ongoing in that regard. The entire system isn’t even complete, though it was launched on October 1 of last year. Security has been, from day one, an afterthought.
It could take a year to secure the risk of “high exposures” of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday.
“When you develop a website, you develop it with security in mind. And it doesn’t appear to have happened this time,” said David Kennedy, a so-called “white hat” hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.
“It’s really hard to go back and fix the security around it because security wasn’t built into it,” said Kennedy, chief executive of TrustedSec. “We’re talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself.”
Insurance customers who are using the Federal Exchange – and we don’t think the state exchanges are any better, they were written by mostly the same people – are entering their social security numbers, their birthdays, basically all of their personal information, along with payment information. According to multiple computer security people, the information is wide open and ripe for picking.
It just so happens that federal law exempts the government from the requirement to inform consumers if there has been a security breach and their personal information might have been stolen. The Obama administration, in the same spirit of transparency that has rule Washington since inauguration day 2009, is refusing to meet the same standard that federal law requires companies like Target to meet.
The good news here is that it looks like even Congressional Democrats – who are in a dither about the upcoming election – are turning their backs on The Imperial President in droves.
The House has passed its first Obamacare-themed measure of the year, approving 291-122 a bill requiring the administration to quickly notify Americans if their personal information has been compromised on the new health insurance exchanges.
Sixty-seven Democrats joined Republicans to pass the bill, which was offered by Rep. Joe Pitts (R-Pa.).
Republicans aimed the vote squarely at what they consider one of their best Obamacare targets now that most of the Affordable Care Act is in effect and HealthCare.gov is working: the flow of Americans’ personal information between the federal data hub and the insurance marketplaces.
The administration insists that the law is not necessary because there haven’t been any security breaches to the ObamaCare system. Well, there haven’t been any that the administration has admitted to.
This is another case of the Obama administration putting itself above the law that we common folk have to follow. Kind of like Tim “Turbo Tax” Geithner not bothering to file his income taxes just before he was nominated to be Secretary of the Treasury.