Massive Target credit card data theft revealed

A security industry blog reported that a credit card data security breach on Black Friday weekend involved almost all of Target's 1,797 U.S. stores. Criminals accessed the data by installing software on machines that customers use to swipe their cards, investigators said.   

REUTERS/Kevin Lamarque
A Target employee returns carts to the store in Falls Church, Virginia in this file photo taken last year. The Secret Service is conducting an investigation into a recent security breach at Target stores.

Payment card data was stolen from an unknown number of Target Corp customers starting on the busy Black Friday weekend in a major breach at the U.S. retailer, according to a person familiar with the matter.

The Secret Service is investigating, according to a spokesman for the agency, which safeguards the nation's payment systems. Target officials did not respond to requests for comment.

Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, according to the person who was not authorized to discuss the matter and declined to provide further details.

Krebs on Security, a closely watched security industry blog that broke the news, said the breach involved nearly all of Target's 1,797 stores in the United States, citing sources at two credit card issuers. The report said that "track data" from at least 1 million payment cards was thought to have been stolen before Target uncovered the operation, but that the number could be significantly higher.

"When all is said and done, this one will put its mark up there with some of the largest retail breaches to date," the report cited an unnamed source as saying.

The biggest credit card breach at a U.S. retailer reported to date was an attack against TJX Cos, the parent of TJ Maxx and Marshalls. The company disclosed in March 2007 that data from 45.7 million payment cards had been stolen by hackers over 18 months. Banks later asserted in court documents the hackers could have obtained more than 94 million account numbers.

The data breach at Target could have extended from just after Thanksgiving to Dec. 15, Krebs said, citing evidence from investigators.

It is not yet clear how the attackers were able to compromise point-of-sales terminals at so many Target stores across the country. Doing so would have required careful planning by sophisticated cyber criminals.

An American Express spokeswoman said the company is aware of the incident and is putting fraud controls in place.

Representatives for Visa and MasterCard declined to comment.

There are no indications that the theft affected shoppers on Target's website, Krebs reported.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Massive Target credit card data theft revealed
Read this article in
https://www.csmonitor.com/USA/Latest-News-Wires/2013/1218/Massive-Target-credit-card-data-theft-revealed
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe