Consumer retailer Target confirmed today that its stores suffered a massive credit card data breach, which started around Black Friday and extended a few weeks after. The hack is believed to have jeopardized up to 40 million accounts, with customer names, debit / credit card numbers, card expiration dates and three-digit security codes all having been stolen during this time.
Specifically, the attack on Target shoppers’ personal credit information took place between November 27th and December 15th, a period of about three weeks. Target officials confirmed they are working closely with the Secret Service and other law enforcement in order to capture the culprit(s).
While nothing has been confirmed yet, it is believed that the attack is an inside job. According to national computer security expert Brian Krebs, on his website KrebsonSecurity, the attack did not target purchases made online, but involves theft of the information on credit cards’ magnetic stripes. This type of data could allow the unidentified thieves to create counterfeit credit cards, ring up online purchases at most web sites, and make ATM cash withdrawals if they also managed to intercept PIN numbers. According to Krebs, sources at credit card firms stated that the thieves stole this information by installing data-stealing code on the card-swipe machines at the checkouts of 1,797 Target stores around the country.
40 million accounts were stolen by Target criminals
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Target chairman and president Gregg Steinhafel in a statement. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target is working with both law enforcement and a third-party forensics firm in order to fix the breach and catch the criminals, and recommends on their web site that those affected by the hack contact the Federal Trade Commission and law enforcement in order to report possible identity theft.
They have also set up a hotline for their affected customers, so those who have noticed irregular activity on their accounts should call 866-82-8680.
Source USA Today; Washington Post, BBC News, KrebsOnSecurity