If you did some Christmas shopping at Target over the last few weeks, you’ll want to pay close attention to your credit card statements, as the retailer is dealing with a major data breach.
Target says that its stores have been hit by a major credit-card attack involving up to 40 million accounts. The breach began around Black Friday, the day after Thanksgiving and the busiest shopping day of the year. The retailer said that the unlawful access to customer information took place between Nov. 27 and Dec.15.
So If you shopped at a U.S. Target store between November 27 and December 15, you should assume you’re at risk and keep a close watch on your account statements. It’s not clear whether every Target store was affected, but at least one card issuer says it’s seeing signs of fraud all over the United States, according to Krebs on security. You’re not in any danger if you shopped at Target’s website, or one of the company’s Canada stores.
Security breaches often involve hacking into a company’s servers and making off with the data, but the Target breach appears to be different. According to the Wall Street Journal, this theft “may have involved tampering with the machines customers use to swipe their cards when making purchases.”
The attackers could use magnetic stripe data to create counterfeit payment cards. The Wall Street Journal notes that crime rings often use these counterfeits to purchase gift cards at major retailers, and then convert them back to cash. The attackers could also withdraw cash from ATMs if they managed to steal PIN data from debit transactions, Krebs on Security notes.
How the thieves were able to compromise payment terminals on such a large scale is unclear.
The breach involves the theft of information stored on the magnetic stripe on the backs of cards used at nearly all of Target's stores around the country.
Target is based in Minneapolis and has almost 1,800 stores in the United States and 124 in Canada, according to its website.
An expert with a global firm that helps companies respond to and mitigate breaches said while he could not address the Target situation specifically, many companies — large and small — are typically under-prepared when they face a breach.
No comments:
Post a Comment