Target Credit Card Data Breach: What Happened and What To Do Now
- Robert Schoon
- Dec 19, 2013 06:56 PM EST
- Sign up to receive the lastest news from LATINONE
-
Target told its customers on Thursday that it had been the victim of a massive data breach, in which the data from up to 40 million credit and debit cards may have been stolen. Anyone who shopped at a brick-and-mortar Target store starting just before Black Friday (Nov. 27) to Dec. 15, 2013 may be at risk from the breach.
Shopping in the digital age has its risks. Now it appears that even if shoppers take conscientious steps to personally limit their exposure to possible fraud and data theft, their financial information can still be exposed if there is a hack on the retailer's end, which is exactly what happened in the case of Target this shopping season.
What began as an anonymously-sourced report of data theft by cybersecurity expert Brian Krebs at KrebsonSecurity was confirmed on Thursday by Target. The number 2 retailer in the U.S. announced that "it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores." Target also confirmed, "approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013."
The breach is thought to originate in Target's point-of-sale system, where hackers either inserted malware into the terminals where customers swipe their cards or managed to collect the card data en route from Target's retail outlets to the company's credit card processors. All indications are that online Target shoppers were not affected by the data breach.
The information stolen from the 40 million or so cards is called "track data" - including the card name, payment number, expiration date, and three-number security code on the back - which allows cybercriminals to make counterfeit cards by copying the same information as a customer's legitimate credit or debit card onto any dummy card with a magnetic strip.
Krebs noted that if PIN data for debit cards were stolen as well, criminals would technically be capable of copying debit cards and withdrawing cash directly out of victims' accounts at an ATM. A Target spokesperson, however, told USA Today that the company has "no indication that debit card PINs were impacted." While this careful wording may not prompt a complete sigh of relief for customers and banks, it at least seems (at the moment) to be a step back from the worst-case scenario for those whose debit card information was stolen.
For its part, Target has identified the breach and resolved the leak, and is "partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident" and design its data systems to prevent another breach of this kind. It also alerted authorities and financial institutions of the breach as soon as it became apparent. The United States Secret Service has also become involved in the investigation, according to a statement from the agency to Ars Technica.
For those who shopped at Target between Nov. 27 and Dec. 15, Target advises you to closely review the activity on your account and report any unusual activity to law enforcement or the Federal Trade Commission's consumer ID theft division at www.consumer.gov/idtheft or by phone at 877-438-4338 (IDTHEFT). In addition, one free credit report from each of the three credit reporting agencies is available per year, which can be obtained at www.annualcreditreport.com or at 877-322-8228. Most banks and credit card companies also alert customers via email or phone of suspicious charges, so be sure to keep an eye out if your card company or bank tries to reach out.
- Sign up to receive the lastest news from LATINONE
-