Target Investigating Security Breach of 40 Million Card Accounts
Target is investigating a security breach where credit card and debit card information was stolen from millions of customers starting on Black Friday.
Security blogger Brian Krebs first broke the story, reporting that sources at credit card issuers said the data breach began the day after Thanksgiving and extended to nearly all Target locations across the country.
A day later, Target released a statement confirming the information, adding that forty million credit card and debit card accounts used in stores between November 27 and December 15 may have been affected.
People who bought merchandise online are not at risk. The information was apparently stolen when customers swiped their cards at machines during checkout in stores. Target store cards and major card brands such as Visa and MasterCard were breached, and stolen data includes customer names, credit card and debit card numbers, card expiration dates, and the three-digit security codes located on the backs of cards.
From The New York Times:
Point-of-sale systems have become a major target for cybercriminals in recent years. To pull it off, security experts said a company insider could have inserted malware into a company machine, or persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cybercriminals a foothold into a company’s point-of-sale systems.
Target, which has 1,797 stores in the United States, said it immediately told authorities and financial institutions when it realized the breach on December 15. The company is teaming with a third-party forensics firm to investigate, and the Secret Service is involved as well.
Target didn't say how the data breach occurred, but it announced that the problem has been resolved and that credit card holders can continue shopping at its stores.
The company did, however, advise customers to check their card statements. Those who see suspicious transactions should report it to their card companies and call Target to detail the charges. Security experts recommend that people who think they may have been affected change the PINs for their debit cards.
This data theft is the second largest card breach for a retailer in the United States after TJX Cos., parent company of T.J. Maxx and Marshalls, announced in 2007 that 45.7 million credit card and debit card users had their data stolen.
Target’s security breach is the latest of several technology crises for the company. In 2011, it heavily promoted limited-edition clothing and accessories by Italian designer Missoni, only to see its website crash due to demand as the line became available. The site was down most of the day the collection launched. Online delays for products and order cancellations frustrated customers further.