Target: 40 million credit cards compromised

Posted on: 6:25 am, December 19, 2013, by and , updated on: 07:03pm, December 19, 2013

NEW YORK (CNNMoney) — A breach of credit and debit card data at discount retailer Target may have affected as many as 40 million shoppers who went to the store in the three weeks after Thanksgiving, the retailer said Thursday.

Late Wednesday, the Secret Service, which is charged with safeguarding the nation’s financial infrastructure and payment systems, confirmed it was investigating the breach.

[MORE INFO: 4 things to do after your credit card has been hacked]

Spokesman Brian Leary declined further comment.

The breach first came to light via a report from respected security researcher Brian Krebs, who said Target had suffered a data breach around the time of Black Friday last month “potentially involving millions of customer credit and debit card records.”

Target, the nation’s No. 2 general merchandise retailer after Wal-Mart Stores, said cards used at the brick-and-mortar stores between Nov. 27 and Dec. 15, 2013, may have been impacted.

Target didn’t specify how its systems were hacked. But judging by the scope of the breach and the kind of information criminals got, security experts say hackers targeted the retailer’s point-of-sale system. That means they either slipped malware into the terminals where customers swipe their credit cards, or they collected customer data while it was on route from Target to its credit card processors.

The retailer said it notified authorities and financial institutions immediately after it was made aware of the unauthorized access, and had hired a forensics team to thoroughly investigate how the breach may have happened. The issue that allowed the breach has been identified and resolved, according to Target spokeswoman Molly Snyder.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” CEO Gregg Steinhafel said in a statement. “We regret any inconvenience this may cause.”

The thieves reportedly gained access to data on the magnetic strips of shoppers’ cards, potentially allowing them to produce counterfeit versions, according to Krebs.

The thieves could also potentially withdraw cash from ATMs using counterfeit debit cards if they were able to intercept PIN data from Target, he said.

Many major credit card companies and banks — including American Express, Discover, Bank of America, Chase, Wells Fargo and PNC — said they were monitoring the situation, and encouraged customers to alert them to any possible fraudulent charges. In data breach situations, customers aren’t on the hook for any fraudulent charges. Someone further up the chain — the card issuer, or sometimes the merchant — is responsible for those costs.

Visa and Citigroup did not respond to requests for comment, and HSBC declined to comment.

Target competitor TJX Companies — which operates discount retail chains T.J. Maxx and Marshalls — fell victim to one of the worst security breaches ever back in 2006, when hackers gained access to at least 94 million domestic and international accounts containing credit card, debit card, and check information.

CNNMoney’s Greg Wallace, Julianne Pepitone, James O’Toole, Chris Isidore and Jose Pagliery, and CNN’s Joe Johns contributed to this report.

6 comments

  • gregory says:

    what cards,theres or any used there?nice reporting.target and others should be made to pay people money when this happens and it wouldnt happen anymore.This whole sorry we lost your info has gotten old.

  • RickyBobby says:

    “Theirs”….not Theres.

  • gregory says:

    thank you spelling police,now get a freekin life

  • my best friend’s mom makes $73 an hour on the computer. She has been out of a job for seven months but last month her paycheck was $13151 just working on the computer for a few hours.
    find out here now J­O­B­­­­­­S­5­­­­­­­­­9.C­­­­O­­­­M

  • RickyBobby says:

    Get a spellcheck program Genius

  • Richard Sutter says:

    What is to be done about In-Network doctors who send lab tests to Out-of-Network labs?
    No current healthcare reforms address this issue.
    Hold your 4 fingers up and tuck your thumb into your hand (the thumb represents govt) if you believe govt is too involved in our lives (spending too much money) and not providing the representative benefits.

Comments are closed.