Prof. Anupam Joshi discusses Target data breach on NBC and ABC

In December it was revealed that Target suffered a data breach that involved more than 40 million credit and debit card accounts. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013.

Director of the UMBC Center for Cybersecurity and CSEE Professor Anupam Joshi discussed the possible consequences of the breach in video reports by local affiliates for both ABC and NBC. Dr. Joshi outlined some of the possible ways that the data breach might have happened and pointed out that while the lost data could be used to make illegal charges to the accounts, it was unlikely to lead to larger identity theft problems.

One thought on “Prof. Anupam Joshi discusses Target data breach on NBC and ABC

  1. Dr. Joshi misses the main point of this incident. He suggests that companies can defend their systems using traditional computer security techniques. But such techniques as known today cannot secure systems against capable determined adversaries, and I do not believe they will in the coming decades. The main point is that commercial systems such as Target’s are fundamentally flawed with egregious design. The systems should not be storing information (e.g., credit card numbers) that can be exploited, and multiple-time use passwords and credit card numbers should not be used. Technologies for use-once passcodes have been known for decades. Designs should avoid single points of failure and large targets. We need smarter designs, not more robust defenses of badly designed systems.

    For example, and unlike traditional voting systems, the Scantegrity Voting System (which was designed and developed in part at UMBC in my lab) is designed to be “software independent.” This means that its security does not depend on the correct operation of any software. If there is any fault (unintentional or malicious) that affects the election outcome, this fault will be detected by the voters or independent auditors with overwhelming probability.
    http://www.scantegrity.org

    Dr. Alan T. Sherman
    Associate Professor of Computer Science, and
    Director, UMBC Center for Information Security and Assurance (CISA)

Comments are closed.