Target Corp announced an overhaul of its information security processes and the departure of its chief information officer as the retailer tries to re-gain customers and investors after a massive data breach late last year.
CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.
Jacob, who comes from a sales background and has been CIO since 2008, will be replaced by an external hire, according to sources at Target.
“It’s a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model,” Belus Capital Advisors CEO Brian Sozzi said.
The breach at Target was the second largest at a U.S. retailer, after the theft of more than 90 million credit cards over about 18 months was uncovered in 2007 at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains.
Hacking has become a major concern for retailers in the United States. In the latest reported breach, beauty products retailer and distributor Sally Beauty Holdings Inc said on Wednesday its network had been hacked but no card or customer data appeared to have been stolen.
Target Chief Executive Gregg Steinhafel said the company would elevate the role of chief information security officer as part of its plan to tighten its security.
The company will also look externally to fill that position as well as the new position of chief compliance officer.
Steinhafel said Target would be advised by security consultant Promontory Financial Group as it evaluates its technology, structure, processes and talent.
“I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously,” Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, told Reuters.
Target, the third-largest U.S. retailer, said last week customer traffic had started to improve this year after falling significantly toward the end of the holiday shopping season when news of the cyber attack spooked shoppers.
Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.
“We have found no information based on our review of our systems to date indicating a breach,” he added.
He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.
Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.
Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible secret breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.
The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.
A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.
The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.
A cybersecurity firm has stated that it has found stolen credentials from some 360 million accounts that are available for sale on cyber black markets, though it is unsure where they came from or what they can be used to access.
The discovery could represent more of a risk to consumers and companies than stolen credit card data because of the chance the sets of user names and passwords could open the door to online bank accounts, corporate networks, health records and virtually any other type of computer system.
Alex Holden, chief information security officer of Hold Security LLC, said in an interview that his firm obtained the data over the past three weeks, meaning an unprecedented amount of stolen credentials is available for sale underground.
“The sheer volume is overwhelming,” said Holden, whose firm last year helped uncover a major data breach at Adobe Systems Inc in which tens of millions of records were stolen.
Holden said he believes the 360 million records were obtained in separate attacks, including one that yielded some 105 million records, which would make it the largest single credential breaches known to date.
He said he believes the credentials were stolen in breaches that have yet to be publicly reported. The companies attacked may remain unaware until they are notified by third parties who find evidence of the hacking, he said.
“We have staff working around the clock to identify the victims,” he said.
He has not provided any information about the attacks to other cybersecurity firms or authorities but intends to alert the companies involved if his staff can identify them.
The massive trove of credentials includes user names, which are typically email addresses, and passwords that in most cases are in unencrypted text. Holden said that in contrast, the Adobe breach, which he uncovered in October 2013, yielded tens of millions of records that had encrypted passwords, which made it more difficult for hackers to use them.
The email addresses are from major providers such as AOL Inc, Google Inc, Microsoft Corp and Yahoo Inc and almost all Fortune 500 companies and nonprofit organizations. Holden said he alerted one major email provider that is a client, but he declined to identify the company, citing a nondisclosure agreement.
Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, said she had no information about the information that Hold Security uncovered but that it was plausible for hackers to obtain such a large amount of data because these breaches are on the rise.
She said hackers can do far more harm with stolen credentials than with stolen payment cards, particularly when people use the same login and password for multiple accounts.
“They can get access to your actual bank account. That is huge,” Bearfield said. “That is not necessarily recoverable funds.”
After recent payment-card data breaches, including one at U.S. retailer Target, credit card companies stressed that consumers bear little risk because they are refunded rapidly for fraud losses.
Wade Baker, a data breach investigator with Verizon Communications Inc, said that the number of attacks targeting payment cards through point-of-sales systems peaked in 2011. That was partly because banks and retailers have gotten better at identifying that type of breach and quickly moving to prevent crooks from making fraudulent transactions, he said.
In addition to the 360 million credentials, the criminals are selling some 1.25 billion email addresses, which would be of interest to spammers, Hold Security said in a statement on its website.
The little known firm said the proposal for Barnes & Noble as a whole would be for $22 per share, which would value the top U.S. bookstore chain at $1.32 billion. It comes after earlier proposal in November for $20 per share, its second.
G Asset, which not did detail how it would finance a deal, also made an alternative offer to buy Nook for $5 per share, saying spinning off the digital books and device business would create “substantial shareholder value.”
The latest offer for the whole company would value Barnes & Noble at $1.32 billion, while the proposal for Nook would value that unit at about $300 million.
The firm has previously pressed the company to spin off its Nook unit from Barnes & Noble’s bookstore and college units.
Michael Glickstein, G Asset’s Chief Investment Officer, and the only person listed on the firm’s website, did not immediately return a request for comment.
Barnes & Noble shares were up 5.8 percent at $17.75 in afternoon trading after going as high as $19.12 after the news was released, suggesting Wall Street analysts were doubtful a deal would get done.
A Barnes & Noble spokeswoman declined to comment beyond confirming that the company had received G Asset’s offer.
The original Nook device was launched in 2009 to help Barnes & Noble fend off Amazon.com Inc and allowed the retailer to win as much as 27 percent of the U.S. e-books market.
But the company lost hundreds of millions of dollars trying to keep pace with deep-pocketed rivals such as Amazon, Apple Inc and Google Inc. It has scaled back its Nook business and focusing more on content and software.
Two years ago, Microsoft Corp invested $300 million in the Nook unit for a 17.6 percent stake, valuing the division at $1.7 billion. In late 2012, Pearson PLC took a 5 percent stake in Nook for $89.5 million.
Robocoin announced on Tuesday that later this month it will install the first automated teller machines in the United States that will allow users to buy and sell bitcoin, the latest step into the mainstream for the digital currency.
The kiosks, to be installed in Seattle, and Austin, Texas, are similar to ATMs but have scanners to read government-issued identification such as a driver’s license or a passport to confirm users’ identities.
The ATMs will allow people to swap bitcoin for cash, or deposit cash to buy more bitcoin by transferring funds to or from a virtual wallet on their smartphones.
Bitcoin was launched in 2008 and is traded within a global network of computers. It is not backed by a single company or government and has no assets behind it, but its release is tightly controlled, mimicking a central banking system’s control over the minting of money.
Robocoin, based in Las Vegas, installed its first bitcoin ATM in Vancouver last fall and will also start operating one in Calgary, Alberta, later this month. Robocoin also is planning to install ATMs in Asia and Europe.
A bitcoin is currently worth about $636, but its value has fluctuated widely as the currency’s visibility has increased. Last September, a bitcoin was worth around $150. By late December the value was near the $1,000 mark.
Users can buy products and services online on sites including Overstock.com or in a handful of stores.
The currency’s reputation took a hit last week when two of its best known exchanges suspended withdrawals. One of them, Slovenia-based Bitstamp, said Friday it planned to allow redemptions to resume.
Kickstarter, the fundraising website used by millions of people to raise capital for creative projects and businesses, acknowledged that hackers had gained access to some of its customers’ data but that the breach had been repaired.
“No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts,” Kickstarter Chief Executive Officer Yancey Strickler said in a blog post on the website. It noted that it does not store credit card data.
Recent data breaches at Target Corp and Neiman Marcus have sparked concern from U.S. lawmakers and consumers over who should bear the cost of consumer losses and how to improve cybersecurity.
Kickstarter’s information that was accessed without authority included user names, email addresses, mailing addresses, phone numbers and encrypted passwords, said Kickstarter, which was informed of the breach by law enforcement officials on Wednesday night.
It added that while passwords were not revealed, persons with computer expertise could still decipher encrypted passwords, and recommended users change their passwords as well as those for other sites or accounts for which the users had the same password.
Kickstarter said it had beefed up security in recent days. It also said it was working with law enforcement officials.
Kickstarter launched in 2009 as a conduit for funding of projects ranging from films and stage shows to video games and restaurant launches. Contributors to a project’s launch are often compensated with rewards, discounts, credits or other offers from the projects they help fund.
Since its launch more than 100,000 projects have been funded, with hundreds of millions of dollars pledged.
The Securities and Exchange Commission said that its making plans to conduct a roundtable next month to discuss cybersecurity, after massive retailer breaches refocused the attention of the business community and policymakers on the area.
The SEC said that it would hold the event on March 26 to talk about the challenges cyber threats pose for market participants and public companies.
Recent breaches at Target Corp and Neiman Marcus have sparked concern from lawmakers and revived a long-running spat among retailers and banks over who should bear the cost of consumer losses and technology investments to improve security.
Last Thursday, trade groups for the two industries announced they are forming a partnership to work through the disputes.
U.S. lawmakers have also considered weighing in on how consumers should be notified of data theft. But progress on legislation is not guaranteed in a busy election year.
The SEC in 2011 drafted informal staff-level guidance for public companies to use when considering whether to disclose cyber attacks and their impact on a company’s financial condition.
SEC Chair Mary Jo White last year told Congress that her agency was reviewing whether a more robust disclosure process is needed. But she told reporters last fall she felt the guidance appeared to be working well and that she didn’t see an immediate need to create a rule that mandates public reporting on cyber attacks.
Samsung also revealed that all four of its new tablets will uses its somewhat controversial custom interface Magazine UX, a display mode that loads the screen with tiles that show information from different apps. Analysts expected Samsung to downplay the Magazine UX, as a way of staying closer to true Android from Google.
Prices will start at $399.99 for the 16GB Galaxy Tab Pro 8.4. The Tab Pro 10.1 is priced at $499.99 for 16 GB and the Galaxy Note Pro 12.2 will cost $749.99 for 32 GB and $849.99 for 64 GB. Samsung said the fourth tablet recently announced at International CES, the Galaxy Tab Pro 12.2, also running KitKat, won’t be available until March.
The models that go on sale Feb. 13 will be Wi-Fi-only, but Samsung also said that Verizon Wireless will be the first to offer a 4G LTE version of the Note Pro 12.2 later this quarter. Samsung posted more information about pre-orders on its website. The Note Pro and Tab Pro tablets come in black or white.
Samsung advertised the four models as ideal for use at work or play. Both 12.2 models (with 12.2-in. displays) as well as the Tab Pro 10.1 (with a 10.1-in. Display) come with virtual keyboards that mimic the size and appearance of a physical keyboard for faster typing. Both 12.2 models also have 2560 x 1600 LCD displays, making them the first with such high resolution. Both also allow users to view up to four applications at once for better multitasking.
The Note Pro 12.2 also has a Samsung S Pen, a digital pen for handwriting to text, and functions called Air Command and Pen Window for quicker access to apps and information.
All the new tablets will run Magazine UX, a new custom user interface that runs in the home screen layout and that Samsung says will bring users’ their favorite and most-frequented content, such as apps,email and games “to the forefront, offering direct access to content with a single touch.”
Some analysts said Samsung might drop or de-emphasize the Magazine UX in upcoming products in favor of the standard Android UI after recent negotiations between the two companies. after reports of recent negotiations between Samsung and Google were believed to result in future Samsung products with the same look as standard Android backed by Google.
The Galaxy Tab Pro 8.4 (with an 8.4-in. display) runs a Snapdragon 800 2.3 GHz quad-core processor, which makes it “built to handle high-powered games and video,” Samsung said.
With the range of Android tablets Samsung has already shipped to market and the latest round of new tablets, it is no wonder that Samsung is the largest Android tablet maker. IDC said Samsung shipped 14.5 million tablets in the fourth quarter of 2013, grabbing an 18.8% market share, second only to Apple’s 33.8% share in shipping 26 million iPads running iOS.
The next biggest tablet maker is Amazon.com, shipping 5.8 million Android core tablets for its Kindle Fire line and making up 7.6% of the market. After Amazon, Asus shipped 3.9 million Android or Windows 8 tablets for 5.1% of the market, while Lenovo shipped 3.4 million tablets running Android or Windows 8 for 4.4% of the market.
Target Corp’s decision to fast track a $100 million program to adopt the use of chip-enabled smart cards is just a drop in the bucket when it comes to what retailers need to do to defend themselves against future cyber attacks, according to security experts and IT service providers.
The pressure to boost security spending comes at a time when merchants are already spending millions to fend off online retailer Amazon.com and facing an October 2015 deadline set by payment networks Visa Inc and MasterCard Inc to accept new payment cards that store information on computer chips rather than on traditional magnetic stripes.
Target, the No. 3 U.S. retailer, said this week it hoped to finish upgrading its payment card network to the more secure “chip and PIN” standard by early 2015, some six months ahead of its previous plan.
The system, already widely used in Europe and Asia, can accommodate cards carrying tiny microprocessors, which makes it harder for cyber crooks to use stolen data.
U.S. retailers have been so focused on cutting costs and expanding their online presence in the past decade that they have not spent enough of their technology budgets on protecting customer data, security experts and IT service providers said.
While retail spending on overall technology was expected to rise 4 percent annually between 2012 and 2017, U.S. stores spend only roughly 2 percent of their tech budgets on security, with the bulk going to improving their e-commerce, technology advisory firm IDC Retail Insights said.
Unlike their peers in other industries, most retailers still focus on just meeting the basic standards set by the payment card industry rather than substantially beefing up safeguards against increasingly sophisticated attacks, security experts said.
“Retailers have to assume that they are constantly being targeted and actually constantly being penetrated,” said Eddie Schwartz, a vice president at Verizon Enterprise Solutions, who urged retailers to take a more proactive approach.
Pressure from Congress, consumer groups and the banking industry following recent theft of customer data at Target, Neiman Marcus and others may be the turning point to get theretail industry to spend more on security, experts said.
For example, Dinesh Bajaj, the vice president of retail and logistics practice in Americas for Infosys Ltd, expects retailers to spend more in coming months on encrypting credit card data while storing it in multiple systems.
IDC Retail Insights expects spending by retailers in 2014 specifically for security in the United States to be $720.3 million, an increase of 5.7 percent from last year in part because of the recent breaches. Total tech spending by retailers this year is expected to hit $36.34 billion.
“It’s clear that companies need to do a lot more, that they continue to make basic mistakes,” Federal Trade Commission Chairwoman Edith Ramirez said at a hearing on Tuesday looking into massive data breaches at Target and Neiman that affected millions of shoppers.
Shares of the company, the maker of Norton anti-virus software, fell 3 percent after the bell.
“We are pleased with the quarter, but we’re not happy until we’re back into positive revenue growth,” Chief Executive Steve Bennett told Reuters on Wednesday.
Worldwide PC shipments were expected to fall about 10 percent in 2013 and by another 4 percent in 2014, research firm IDC said in December.
Symantec’s revenue fell to $1.71 billion in the third quarter from $1.79 billion a year earlier.
Bennett said the fall in revenue was also due to changes in the company’s organization.
Symantec has been reorganizing its sales force to create specialists for each product group instead of having everyone sell everything, leading to a temporary shortfall in revenue.
“They are trying to stimulate demand and drive better licenses from a new and improved sales force,” FBR Capital Markets analyst Dan Ives said in an email.
Symantec’s security products usually come bundled with PCs as the company has distribution partnerships with manufacturers.
The company’s consumer business sells products and services to individuals and home businesses globally through an e-commerce platform, internet-based resellers and retailers. Symantec also has partnerships with manufacturers to distribute internet security suites and online backup offerings.
Symantec reported a 4 percent decline in revenue from its protection business, which represented 42 percent of total revenue, and a 6 percent fall in revenue from its information management unit, which accounted for 39 percent of overall revenue.
Sales in the company’s information security business fell 3 percent.
Net income rose to $283 million, or 40 cents per share, in the third quarter, from $216 million, or 31 cents per share a year earlier.
Excluding items, the company earned 51 cents per share. Analysts, on average, had expected adjusted earnings of 43 cents per share on revenue of $1.65 billion, according to Thomson Reuters I/B/E/S.
Symantec’s fourth-quarter forecast was in line with Wall Street expectations.
In the aftermath of a large-scale attack on point-of-sale (POS) systems at retailer Target, new malware designed to illegally extract payment card data from the sales systems was released earlier this month.
Security researchers from cybercrime intelligence firm IntelCrawler identified a PoS RAM (random access memory) scraping program dubbed Decebal that they believe was released on Jan. 3. The release shows that cybercriminals are increasingly interested in launching this type of attack.
The malware is written in VBScript (Visual Basic Scripting) in less than 400 lines of code. Despite looking fairly unsophisticated, it can grab track 2 data — data encrypted on the magnetic stripe of credit or debit cards — from PoS memory and contains routines to evade malware analysis tools, like antivirus sandboxes and virtual machines.
The use of a scripting language to create malware is not unusual, but is highly uncommon for this particular type of threat. Andrey Komarov, CEO of IntelCrawler, said this is the first time he’s seen PoS malware written in VBScript.
Using this language provide some benefits, like portability, as it works by default in all Windows versions since Windows 98 and doesn’t require a separate interpreter. Many PoS systems run a version of Windows Embedded.
VBScript is also commonly used by Windows system administrators to automate different tasks and can be called by other scripts and programs, which could make this particular malware inconspicuous, Komarov said.
Decebal sends the stolen card data to a command-and-control server, particularly to a single 44-line PHP script running on a Web server that sorts the information and stores it.
Various text strings found in the malware code suggest its authors are likely Romanian, the IntelCrawler researchers said in a blog post. The name chosen by its creators also points in this direction, Decebal being the Romanian name of Dacian king Decebalus, an important figure in Romanian history.
Bogdan Botezatu, a senior e-threat analyst at Romanian antivirus firm Bitdefender, agreed with IntelCrawler’s assessment of the malware’s origins. “Most of the strings, functions and variable names are clearly Romanian words so chances are that the malware has been written by a Romanian citizen,” he said via email.
The bank did not replace the debit cards sooner because it wanted to minimize disruptions during the holiday shopping season, the New York Times reported earlier, quoting a person briefed on the bank’s decision.
“This is being done as a precautionary measure,” Citi spokeswoman Elizabeth Fogarty told Reuters via email earlier this week.
Fogarty declined to provide details on the number of debit cards being reissued.
Target said last week an investigation found that hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, the retailer said the hackers stole data from 40 million credit and debit cards.
The two sets of numbers likely contained some overlap, a company spokeswoman had said.
JPMorgan said in December it would give customers new debit cards printed quickly at many of its branches.
Citi is not reissuing credit cards, the New York Times said.
Target Corp will implement “significant changes” in light of the data breach during the holiday shopping season when hackers stole personal information of millions of customers, the U.S. retailer’s chief executive said in an interview on CNBC.
Malware was installed on the company’s point of sale registers, Gregg Steinhafel said, and Target was working with law enforcement agencies investigating the breach.
“As time goes on, we’re going to get to the bottom of this,” he said. “We’re not going to rest until we understand what happened and how that happened.
“Clearly, we’re accountable and we’re responsible but we’re going to come out at the end of this a better company and we’re going to make significant changes.”
Steinhafel did not give details of the planned changes. “We are in the middle of a criminal investigation as you can appreciate and we can only share so much,” he told CNBC.
Target said on Friday an investigation found that hackers stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. Previously, the No. 3 U.S. retailer said the hackers stole data from 40 million credit and debit cards.
Steinhafel told CNBC he had no idea who was responsible for the breach but that Target’s environment was now secure.
“We have no evidence that there is any other guest information that was removed from our environment,” he said.
On Friday Minneapolis-based Target, the No. 3 U.S. retailer, lowered its fourth-quarter profit forecast to between $1.20 and $1.30 from $1.50 to $1.60, in part due to weaker-than-expected sales since reports of the cyber-attack emerged.
Ship estimates for the browser have been fluid, to put it mildly. In August, the open-source developer pegged December 2013 as the target for the “Metro-ized” version of Firefox. In September, Mozilla said it was hoping to bundle Firefox Metro with the Windows edition of Firefox 27, slated for release on Feb. 4.
Metro was the name Microsoft once applied to the radical UI of Windows 8, but the company ditched the moniker in 2012 over a trademark dispute with a German retailer.
The newest information from Mozilla, however, has tapped March 18, when Firefox 28 is to ship, as the projected release of the browser.
Although a preview of Firefox Metro was bundled with the Aurora build of Firefox more than three months ago — and is currently in Aurora for Firefox 28 — it has not yet been promoted to the next channel, Beta, which is the precursor to Release. Mozilla has set a Jan. 31 deadline for deciding whether the touch browser is ready to add to Firefox 28 Beta.
Mozilla started work on a Metro edition of Firefox in March 2012. It shipped a rough preview in October 2012, several weeks before Microsoft launched Windows 8. At that time, Mozilla’s schedule said the Firefox app might appear as early as January 2013. In May 2013, however, the company said its developers would complete Firefox for Modern between Oct. 2, 2013, and March 20, 2014, with mid-November the likeliest date.
If Mozilla makes the targeted March 18 release, it will have spent two years crafting the browser, which will have shipped 17 months after the retail debut of Windows 8.
Although Mozilla has said it’s important that it have a Metro-ready browser to remain competitive — and Windows 8′s and Windows 8.1′s user share has climbed above the 10% mark– it’s unclear what percentage of those PC and tablet owners spend serious time in the UI, as opposed to the traditional Windows desktop.
Mozilla is also discussing a name for the browser, which was code named “Firefox Metro” during development and later was saddled with the label “Windows 8-style Firefox.”
One suggestion, forwarded by a Mozilla user experience designer, has been “Firefox Touch,” which got nods of approval from others in a Mozilla planning message forum.
“‘Windows 8-style Firefox’ is too long and already doesn’t make perfect sense with Windows 8.1 released, but will make less sense when Windows 9 comes out,” noted Brian Bondy, a Firefox platform engineer who has led the work on the Metro version. “I like Firefox Touch and I think we should go with that. It’s a product designed above all else for touch.”
Some, however, objected to labeling the browser as “Firefox Touch,” pointing out that that would downplay the Android browser Mozilla maintains, which is also touch-enabled.
“I agree with Jim that it should be simply Firefox, and that differentiation happens at the point of download,” countered Peter Scanlon, Mozilla’s acting chief marketing officer, in another message to the same discussion forum.
U.S. shoppers using desktops spent about $42.8 billion between Nov. 1 and Dec. 22, up from $38.9 billion in 2012, comScore said Thursday. The company was expecting a 14 percent increase between 2012 and 2013, however, said spokesman Andrew Lipsman.
“Our expectations for the online holiday shopping season anticipated that consumers would spend heavily later into the season out of necessity to make up for the highly compressed holiday shopping calendar this year,” comScore chairman Gian Fulgoni said in a statement. “Unfortunately that was not in the cards, as the final online shopping week saw considerably softer sales than anticipated.”
The comScore numbers don’t include shopping using smartphones and tablets; the company releases mobile shopping numbers quarterly.
U.S. online sales through desktops reached $766 million on Nov. 28, Thanksgiving Day, up 21 percent from a year ago. Shopping numbers were up 15 percent on black Friday, Nov. 29, to $1.2 billion, and up 18 percent, to $1.7 billion on cyber Monday, Dec. 2.
Cyber Monday, Dec. 2, and the following Tuesday were the heaviest online shopping days, comScore said. Tuesday, Dec. 3, saw desktop-based sales of more than $1.4 billion. Dec. 9 was the third biggest shopping day, with sales of $1.4 billion.
The top gaining product category for 2013 was video game consoles and accessories, as Microsoft released a new version of its xBox gaming console and Sony Computer Entertainment released a new PlayStation.
Also posting big gains in 2013 were apparel and accessories; consumer electronics, bolstered by smartphones sales; and computer hardware, bolstered by tablet sales, comScore said.