targetbreach12.20.13
TRANSCRIPT
-
7/27/2019 TargetBreach12.20.13
1/2
Filename:A1-MAIN-AJCD1220-AJCD Date/Time created:Dec 19 2013 11:42:09:033PM Username: SPEEDDRIVER03
Friday,Dec20,2013MAIN 1AAJCD1A
K
Cyan Magenta Yellow Black
1ACyanMagenta YellowBlack AJCD
K i l l e d
Filename:A1-MAIN-AJCD1220-AJCD Date/Time created:Dec19 201311:42:09:036PM Username: SPEEDDRIVER03
AJCD
Classifieds E1
ComicsD14
DearAbbyD4
Editorial A18
ObituariesB7
PuzzlesD13
TelevisionD3
TheVentB2
2013 AJC,VOL.65, NO. 354
PRINTEDWITHSOYINKONRECYCLEDPAPER
NATION&WORLD
Theatercollapseinjuresdozens
The ceilingof a Londontheaterpartially collapsedThursday night, showering apacked audience withheapsof plaster, wood anddust.More than80 people wereinjured, sevenseriously, A3
DuckDynasty:PhilRobertson,suspended fromthe series indenitely aftermaking controversial remarksabout gaysand blacks, isgetting some support fromkey followers, A2
NSA:ThenationaldebateoverU.S. governmentsurveillancehas tilted in favorofthoseseeking tolimittheNational Security Agencysexpansive spying powers,A6
BUSINESS
ImpactofFedtaperlikelytobeslightThe Federal Reserves moveWednesdayto slowits stim-uluswill ripple through theglobal economy. But exactlyhow it will aect people andbusinesses depends on whoyouare, A15
METRO
Emails:Bravesmove
putcityondefenseMayor Kasim Reeds teamwas not prepared for theBraves announcementthey weremoving to CobbCounty,and frantic messagesreveal the fallout, B1
Cobbgirls:Policehavestartedan investigationintotheposting of explicit photosof area high schoolers, B1
Ethicsagencyturns tooutsiderforassistance
Georgias ethics commis-sion took the unprecedent-ed step Thursday of hiringan outsider to oversee theagency roiled by bitter in-fighting and an intensifyingfederal investigation amidclaims its too cozy withGov. Nathan Deal. An ex-
lobbyist and former judgehas been selected, B1
Getthis greatdeal
atwww.Kudzu.com/deals:
Only$37 fororganicdeep
steamcarpetcleaning
includes2 rooms!
Lookbackat2013Bonuscoverageis justone click
away.OurYearInReviewlooks
backat localnewsincluding
coverageoftheAndrea
Sneidermantrial,theMcNair
schoolshooting,thetrials of
numerouspublicocialsand
theGwinnettfirefightersheld
hostage.Remember,youllhave
accesstoallofourin-depth
newsonMyAJC.complus
ourpremiumcoverage,specialphotogalleriesandourrich
interactivecontent.
The economic impact ofnew Atlanta Braves sta-dium includes 9,241 new
jobs a nd $ 295 millio n inwages. Revitalize Cobb, in a mail-er sent Nov. 22, 2013,B1
GOGUIDE,D1
Needplans forNewYearsEve?Useourguide
SPORTS,C1
Sayhello tothenewfaceofKennesawState
PartlycloudyHigh:64,Low:43
20%chanceof rain
Saturday:Rain,71/55
Sunday:Storms,69/61
Detailson thebackofSports
FRIDAY, DEC. 20, 2013
ByMichaelE. [email protected]
The Georgia unemploy-ment rate dropped last monthto 7.7 percent, its lowest pointin five years, as the economyadded jobs across a range ofsectors and layoffs slowed topre-recession levels.
Unemployment is still his-torically high and long-termjobl essnes s is stil l a virt ual ep-idemic, but the lower joblessrate reflects vast improvementfrom the double-digit unem-ployment of several years ago.
It also fuels hope that hir-ing will pick up through thenew year.
This confirms that the eco-nomic recovery is in place,said Jeffrey Humphreys, direc-tor of the Selig Center for Eco-nomic Growth at the Univer-sity of Georgia. This is verygood, soli d news .
The states economy added19,500 jobs in November and91,200 in the past year, ac-cording to Mark Butler, state
labor commissioner. Thegrowt h ca me in several indus -tries, which indicates a broadjob market recovery.
The job search is not easy,but m ore em ployer s are will-ing to hire, said Steve Hines, aBuckhead-based career coun-selor and author of AtlantaJobs.
The market has definitelypicked up this year, he said.There are just more openingsthan three or four years ago.
Despite that growth, in the4 years since the recessionofficially ended, the state has
Statesjoblessratedropsto5-yearlowLong-term joblessness
tempershopeful sign.
Among unemployed,nearly half have beensearching for6 months.
JoblesscontinuedonA4
GEORGIA ECONOMY
EricaParks,a 35-year-oldArmyveteran, searchesonline forjob
openingsat hergrandmothers home.Parkshasbeen outofwork
fortwo years. JASONGETZ /[email protected]
Inpast12months,Georgia
hasgained91,200jobs total.
Resultsamongvarious sectors:
27,400:professional
andbusinessservices
20,500: leisure
andhospitality
18,600: education
andhealthservices16,500:transportation
andwarehousing13,100:construction
During justNovember,
Georgiagained19,500 jobs.
Resultsamongvarioussectors:
14,700: trade,transportation
andwarehousing
2,000: government
1,700:financialservices
1,500:construction
1,500:education1,500:healthcare1,000:manufacturing900: informationservices
Growingjobs inGeorgia
Source:Georgia Departmentof Labor
The criminals who crackedTargets defenses, stealingdebit and credit card infor-
mation of as many as 40 mil-lion shoppers who swiped atthe retailers stores, exposed amajor vulnerability in the wayAmericans pay.
The credit card system isinherently broken, said Jer-emiah Grossman, the chieftechnology officer of Web-ap-plication security firm White-Hat Security. Its a shared-se-cret system, in which every-
one has the secret every timeyou swipe your card in theU.S.
That secret is the data en-coded on the back of magnet-ic-stripe cards: the name ofthe cardholder, plus the ac-count number, security codeand expiration date, amongother vital bits.
Banks and other card issu-ers not individual consum-
ers will absorb whatever di-rect losses result from the Tar-get se curit y brea ch. T hatsa fundamental part of howplastic works: consumer pro-tections shield individual
Target breach exposes holes
Target continuedonA12
CONSUMERSAFETY
Credit, debit systemsvulnerability put 40Mshoppers data at risk.
AlsoinsideDidyou shopat Target?Findout
howtoprotectyourcredit,A12
By Kristina Torres
The states case was meantto be a slam dunk: GeorgiaSen. Don Balfour, one of the
states top political leaders,had already confessed to filingdozens of error-filled expense
reports.Now Georgia Attorney Gen-
eral Sam Olens is left explain-ing why he backed such aclunker.
A jury took less than threehours to find Balfour notguilt y Thur sday on al l co unts
that he tried to steal moneyfrom the state, turning oneof the states highest-profilecriminal prosecutions into amess of finger-pointing andsour grapes.
Olens never set foot in thecourtroom during the three-day trial, but insisted after theverdict Balf ours ex pense re-quests were too numerous andsystematic to be simply iso-
lated mistakes, he said in astatement issued by a spokes-woman. If those request s had
been s ubmit ted by an un elec t-ed state employee, they wouldhave been prosecuted, and astate senator should not beheld to a lower standard.
Defense attorney WilliamHill Jr. claimed the state spent$1.5 million on the year-and-a-half investigation, basing his
Verdict lets Balfour get back to Ga. SenateLegislator acquitted ofling false claims;casebogged by minutiae.
BalfourcontinuedonA4
ETHICSWATCH
ReadwhattheAJCsKyle
Wingfield hasto sayaboutthe
possiblepoliticalramifications
afterthe Balfouracquittal.
AlsoinsideEthicsagencyhiresoutsiderto
overseetroubled commission,B1
A career educator Thurs-day became the first princi-pal to plead guilty in the Atlan-ta Public Schools test-cheat-ing scandal and the first defen-dant to be convicted of a fel-ony.
Armstead Salters, who over-saw C.L. Gideons ElementarySchool for three decades, ad-mitted he directed his teach-ers to change wrong answerson standardized tests to rightones.
It was an open secretthroughout APS that cheat-ing was going on at Gideonsfor years, Fulton County pros-ecutor Clint Rucker said dur-ing the court hearing. Evenso, Gideons received con-stant praise and accoladesfrom top APS administrators,including former Superinten-dent Beverly Hall, who alsois charged in the case, Ruck-er said.
Shortly after Salters enteredhis plea, the third formerteacher from Humphries Ele-mentary School also pleadedguilt y. Eigh t AP S def endan ts
now stand convicted. The 26who rem ain a re sch eduled togo to tria l next sprin g unl essmore enter pleas before then.
Salters, 74, began his teach-ing career in 1966 as a highschool science teacher. In1981, he was promoted to beGideons principal, a positionhe held until 2010.
The pressure to meet test-
First APSprincipalpleadsguilty
APSpleas continuedonA12
CHEATINGSCANDAL
Gideons educator
convicted of felony;26 defendants remain.
Followthecaseprogressof
eacheducatornamed in the
APSindictment.
The U.S. Army announcedThursday that its cyberwar-fare headquarters will move toFort Gordon with 1,500 jobs half likely to be well-paying ci-vilian techies givin g Georg iaan economic coup and boost-ing Augustas already robust in-formation technology industry.
For Augusta, its Christ-mas, New Years and the SuperBowl all wrapped into one. Au-gusta poli tica l an d busi nessofficials were over the moonThursday imagining hundredsof additional military andcivilian jobs, a flurry of homeand office construction and acemented reputation on the
Armys cyberwarriorscoming to Georgia base
Jobs continuedonA4
-
7/27/2019 TargetBreach12.20.13
2/2
Filename:A12-MAIN-AJCD1220-AJCD Date/Time created:Dec19 201311:12:16:786PM Username: SPEEDDRIVER13
Friday,Dec 20, 2013 MAIN 12AAJCD12ACyan Magenta Yellow Black
A12 CREDIBLE. COMPELLING. COMPLETE. THE ATLANTAJOURNAL-CONSTITUT ION FRIDAY, DEC. 20, 2013
12ACyanMagenta YellowBlack AJCD File name: A12-MAIN-AJCD1220-AJCD Date/Timecreated: Dec 19 2013 11:12:16:790PM Username:
3
ing targets was exces-sive and extreme, Salterssaid in a letter of apology,a condition placed on himby pro secuto rs as part ofhis plea. It was unrelent-ing and created a toxicculture throughout APSwhere a ll t hat matte redwas t est scores , even ifill-gotten, Salters pleaagreement said.
I placed the concernof the school administra-tion for test results andtest scores above the in-terests of the children,he said.
Salters disclosed toprosecutors how he coor-dinated test cheating andexplained why he did it.Gideons, located in south-west Atlan ta, had a chal -lenging, transient studentpopulation after nearbyhousing projects closedin the early 2000s. Its stu-dents performed slightlybelow average in re ading ,language arts and math.
Salters plea agreementsaid he knew that Hall, af-ter becoming superinten-dent, began firing teach-ers whose schools did notmeet desired results. Thesuperintendent public-
ly boasted about this facton many occasions, on-ly increasing the pressureto make sure his schooldid well, the plea agree-ment said.
Test tampering beganoccurring at Gideons asearly as 2005 and con-tinued until 2009, Salt-ers told prosecutors. Thiswas po ssibl e bec ause t heschools testing coordina-tor, Sheridan Rogers, an-other defendant in thecase, gave teachers accessto their students tests sothey could correct wronganswers, Salters said.
The former principalsaid he told teachers to gosee Rogers and admittedthat he told Rogers, Letthem have the tests.
Salters agreed to coop-
erate with prosecutorsand is expected to testifyagainst Rogers at the up-coming trial.
Salters pleaded guiltyto a single felony count of
APSpleascontinued fromA1
FROMPAGEONE
making false statementsand writings. This was be-cause he signed and thensubmitted the 2009 Cri-terion-Referenced Com-petency Tests taken byhis students and gave as-surances there had beenno ethical breaches in thetesting procedure.
Salters was sentencedto two years on probationand ordered to complete1,000 hours of communi-ty service. He also agreedto return $2,000 in bo-nuses he received.
Wendy Ahmed, a for-mer Humphries Elemen-
tary teacher, followedSalters to the courtroompodium. She admitted totelling her students thecorrect answers whilethey took the 2009 CRCT.
Ahmed pleaded guiltyto a misdemeanor countof obstruction. She wassentenced to a year onprobation and orderedto perform 250 hours ofcommunity service andreturn $500 in bonusmoney.
Standing before Superi-or Court Judge Jerry Bax-ter, Ahmed said she couldnot find the words to ex-press her shame.
I made poor deci-sions that did more harmthan good to my stu-dents, Ahmed said, hervoice trembl ing. I to okso much pride in teachingthe children of Atlanta,yet I allowed the fear ofadministrators to alter mybelie fs a nd val ues.
Baxter has ordered law-yers representing the re-maining APS defendantsto appear before him to-day to see whether theyhave checked in with pros-ecutors to determine whatdeals are being oered.
Gerald Griggs, an attor-
ney who represents for-mer Dobbs Elementaryteacher Angela William-son, said his client willfight the charges at trial.
Its a sad day in At-lanta to hear the pun-ishments that are beinghanded out now to indi-vidua ls wh o ac cepted re-sponsibility for a system-ic issue, said Griggs,who o bserve d Thurs dayspleas. The one constantis the pressure all theseteachers faced. Once thetrial is underway, we willtruly know the scope ofthat pressure.
Wendy Ahmed, a former teacherat Humphries Elemen-tary, walksto thepodium toreadher apology letter duringa plea hearing in theAPScriminal case Thursday.
Armstead Salters (left), ex-principal of C.L.Gideons Elementary, became the firstde-fendantin thecaseto plead guiltyto a felony charge. PHOTOSBY HYOSUBSHIN / [email protected]
product and spend thecash. Criminals can alsobuy go ods o nlin e.
Sometimes criminalsbols ter t he pr ice o f th eirwares by va lidat ing t hatthe card is still active atelltale sign that your ac-count has been compro-mised. They do that byinitiating a micro-chargeof two dollars or less,something that yourenot going to call your is-suer about, said YaronSamid, chief executive ofstart-up BillGuard, whichmonitors its users card
accounts for fraud.That means card-
holders should be vigi-lant for months, he said,or at least change theirPIN codes if they thinktheyve been affected.
Criminals, he ex-plained, can hold on tocardholder data for along time before sellingit on the black market.And even more time mayelapse before the transac-tions that bilk cardhold-ers at the ATM or the vir-tual or physical point ofsale.
This all puts the affect-ed banks, payment net-works (Amex, Visa , Mas -terCard and Discover) andmerchants in a tight spot.
Banks have to make adecision on whether ornot to either issue theircustomers new cards orjust put t ighte r frau d con -trols on the accounts ofcustomers who mighthave been impacted.
When such incidentsoccur, Visa works withthe breached entity toprovide card issuers withthe compromised ac-counts so they can takesteps to protect consum-ers through fraud moni-
toring and, if needed, re-issuing cards, a spokes-woman email ed. Be-cause of advanced fraud-monitoring capabilities,the incidence of fraud in-volvi ng co mpromi sed a c-counts is actually rare,and Visa fraud rates re-main near historic lows.
Bank of America andWells Fargo provided sim-ilar statements, empha-sizing that customers willnot lose money if theircards are used for boguscharges.
As they scramble todeal with the Target
breach , fi nanci al s ervic -es companies are alreadylooking to shift the sys-tem.
The most prominentway t hey re doi ng t his iswith the chip card s tan-dard thats being usedby i ssuers of c ards i n jus tabout every country inthe world outside the U.S.
Those cards knownas Europay, MasterCardand Visa, or EMV arearmed with encrypt-ed chips. EMV technol-ogy, experts explain, isjust more s ecure than the
magnetic stripes used onAmerican cards.
This case exposes thereality that payment net-works are o nly a s stro ngas their weakest link,said Wedbush senior an-alyst Gil B. Luria. Thebad g uys f ind that weak-est link and exploit it, andthen generate very sub-stantial gains.
Visa and MasterCardhave said that all mer-chants except gasoline re-tailers that dont have theequipment to accept EMVcards by October 2015 willbe l iable for a ny fra udu-lent transactions madeon their terminals, Luriasaid.
Its a matter of try-ing to squeeze fraud outof the system, said Ran-dy Vanderhoof, the direc-tor of the EMV MigrationForum, a nonprofit withmore than 150 participat-ing organizations.
But EMV only protectsagainst fraud at brick-and-mortar retailers, not on-line. In cyberspace, thepayment networks are fo-cusing on other methodsto cut fraud.
Until EMV takes hold,or something more resil-
ient takes the place of thecurrent payment system,consumers will just haveto live with the headachescaused by breaches.
Its ultimately not theconsumers who face theliability here, thats theone beautiful thing aboutthe credit card system,said Robert E. Lee, a se-curity business partner atIntuit. If my card is sto-len and used like this, Imnot out of pocket.
There are all theseconsumer protections inplace, even though theentire system is stupid.
cardholders from liability.But theres still the has-
sle of watching for bo-gus c harges or req uest-ing a new card and updat-ing any automatic pay-ments associated with theold one.
For card issuers, da-ta thefts on the scale ofthe Target breach, whichoccurred between Nov.27 and the middle of thismonth, represent a ma-
jor h eadac he an d pos siblysubstantial expenses. Tocombat would-be thieves,payment networks, banksand retailers are alreadyshifting to new technol-ogies, but the transitionwill take years .
Target admitted Thurs-day that hackers had in-filtrated the payment sys-tem used in all its brick-and-mortar stores. Theadmission came a day af-ter digital security report-er Brian Krebs broke thestory.
The nationwide retailerstressed that its estimateof the number of peo-ple affected, 40 million,is just an approximation.Many of those shopperswill proba bly n ever exp e-rience any fraud on theiraccounts.
For now, exactly howthis particular breachhappened is unclear. Tar-get h ad li ttle to s ay onthat subject.
Clearly this was a so-phisticated crime, saidTarget spokeswoman Mol-ly Snyder, in an email.However, it is an activeand ongoing investigationso I cannot comment fur-ther.
Still, experts are fairlysure how these schemestake shape.
Hackers do businesson forums in the deep re-cesses of the Internet.These meeting places actas eBays for criminal ac-tivity. There, maliciousactors buy and sell stoleninformation.
After that crooks canwork wi th s eparat egroups that replic ate t hestolen card informationand place lifted data on-to pieces of plastic. Even-tually, mules on the streetget h old o f th e fi nishe d
Targetcontinued fromA1
Answers about the
Target data breachBy BreeFowler
AssociatedPress
With less than a weekuntil Christmas, a real-life Grinch has stolen thecredit and debit card in-formation of about 40million Target shoppers.
Target says anyone whomade purchases by swip-ing cards at terminals inits U.S. stores betweenNov. 27 and Dec. 15 may
have had their accountsexposed.Here are some answers
to the most commonquestions about the theft:
Q: I shopped at Targetduring that time. Whatshould I do?A: Check your creditcard statements careful-ly. If you see suspiciouscharges, report the ac-tivity to your credit cardcompanies and call Tar-get a t 86 6-852- 8680. Youcan report cases of iden-tity theft to law enforce-ment or the Federal Trade
Commission.You can get more in-
formation about identitytheft on the FTCs websiteat www.consumer.gov/idtheft, or by calling theFTC, at (877) IDTHEFT(438-4338).
Q: How did the breachoccur?A: Target isnt saying howit happened. Industry ex-perts note that compa-
nies such as Target spendmillions of dollars eachyear on credit card secu-rity, making a theft of thismagnitude particularlyalarming.
Experts disagree abouthow the breach mighthave happened.
Avivah Litan, a securityanalyst with Gartner Re-search, says given all thesecurity, she believes thebreach may h ave bee n aninside job.
But thefts of this sizeare too big to be the workof company employees,says Ken Stasiak, founder
and CEO of Secure State,a Cleveland-based infor-mation security firm thatinvestigates data breach-es like this one. Stasiaksaid that such breachesare generally perpetratedby or ganiz ed cr ime o r anoverseas, state-sponsoredhacker group.
Q: Who pays if thereare fraudulent chargeson my account?
A: The good news is inmost cases consumersarent on the hook forfraudulent charges.
Credit cardcompaniesare oftenable to agthechargesbeforethey gothroughand shut downyour card. If that doesnthappen, the cardissuerwill generally strip chargesyouclaim arefraudulento yourcard immediately.
And since the fraud hasbeen t ied t o Tar get, itl lbe th e ret ailer that ulti -mately compensates thebanks and c redit cardcompanies.