NEWS FROM THE LAB - Friday, January 17, 2014

Was "Metadata" leaked in the Target breach? Posted by Sean @ 13:43 GMT

The Target data breach has been big news ever since Brian Krebs broke the story several weeks ago.

And our analysts have been investigating the related malware samples, all very interesting, but one thing I'd like to know is this: if Target knows you're pregnant… do the hackers now know, too?

Back in February of 2012, the New York Times published an article by Charles Duhigg based on his book, The Power of Habit. And one of the more interesting things revealed in the article, was that Target very actively analyzes customer behavior patterns.

life events.

pregnancy prediction score

In other words: Target generates lots of metadata and customer analytics.

According to Bloomberg, Target has said the theft of customer data may have affected anyone who provided it basic information over the past several years. Provided?

As in data that was filled out on an application for credit — or does "provided" include data that was learned based on shopping patterns? The breach of 70 million records which included name and home address hints at a back end compromise that is far deeper than point of sale malware.

We've all learned the value of metadata in the last half-year.

Forget about the breached credit card numbers. Target's analytics would be an identity theft goldmine.

Post by — @Sean