Watch CBS News

Experts Have Known About ID Security Breach Problems For Years

NORTH TEXAS (CBSDFW.COM) - A Dallas-based credit union has sued Target over its massive security breach. The Employees Credit Union claims the breach will cost it a lot of money. Now, two other credit unions have joined in the lawsuit.

More than 100 million Americans were affected by the personal information breach at Target. Now CBS 11 News has learned it may have started with one infected e-mail.

Cyber security experts told CBS 11 the recent breaches highlights a problem they've known about for years.

Companies are focused on threats from outside, but they don't do as much to protect themselves inside.

Employees and contractors are connected to computer networks, where one wrong click can bring everything down.

It wasn't the front door, or even the back door of Target, that cyber thieves went through to steal millions of credit cards. According to the security website Krebs on Security, thieves went through the door of another business entirely.

Krebs said a heating and air conditioning company, with access to Target computers for contracts and billing, had its credentials stolen in a simple email phishing scam.

The company was using free software, Krebs reports, that couldn't catch the attack.

"They [businesses]need to put the priority and the budget on the threat which is going to cause the most harm, which is insiders," suggested Keith Squires, with the Pathmaker Group.

You can think of it like needing someone to work on your home. You hire a contractor you trust, and give him access to your garage. Then a crew from that company comes to do the work and there might be a person who didn't go through the background checks that the contractor did. It's called a 'security hole.' Now, that worker is through one door, and has access to another.

Suku Nair is a computer security expert at Southern Methodist University. "That is a huge problem at all levels. Again that happens because of the cost reduction aspect and the suppression of responsibility."

Even if the worker doesn't have a key to your door, if he can figure it out, now he's in your house, and has access to everything you own.

Squires group closes those holes for companies, but he said companies often don't take the steps to make sure they're,  "Closing that door on employees that leave, closing that door on suppliers no longer working for them. Those are things companies have to deal with."

CBS 11asked Dr. Nair if all these discoveries will force companies to change things. He said maybe not. Security standards are now so expansive small companies will often just hope it doesn't happen to them.

(©2014 CBS Local Media, a division of CBS Radio Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)

Latest News:

Top Trending:

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.