Passing the Buck - Who's responsible for the security breach?

We all know someone who has been the victim of a cyber-security breach. Small amounts of money being transferred from bank accounts and strange charges showing up on credit card statements are a couple of results we see from this type of activity. Normally we just call the bank or credit card issuer and the charges are removed and new account numbers are assigned - but what happened and who do we blame?

When you use your credit card for a retail purchase you should expect a certain level of security from that retailer. A recent security breach on the point of sale network at Schnucks Market Inc. resulted in over 2 million credit and debit cards being compromised. Not only was their information stolen - but it took the company two weeks to formally notify customers that their data might have been stolen.

Timeline for Schnucks' Breach:

• March 15th, 2013  - Schnucks is notified by its credit card processor of customer complaints for fraudelent charges.
• March 28th, 2013 - Malware is found on their network.
• March 30th, 2013 - Schnucks comunicates to customers that an issue has been found and contained.
• April 15th, 2013 - Schnucks releases a statement saying that 2.4 million card numbers were compromised.

See complete Timeline here.

A recent article on BankInfoSecurity.com has now linked this breach to several other retail security breaches. While we won't be able to stop all of these kinds of threats - one thing is certain, we need to hold retailers and banks accountable for maintaining and protecting our information. Communication is going to be instrumental in making the consumer more aware of what to look for.

References:

http://www.bankinfosecurity.com/recent-retail-breaches-connected-a-6022/p-2

http://www.bizjournals.com/stlouis/news/2013/04/10/schnucks-sued-over-security-breach.html