Target says 40 million cards may have been compromised in data breach

The US Secret Service is investigating a massive data card breach at Target retail stores across the United States.

Target has confirmed that approximately 40 million credit and debit card accounts may have been impacted over a two-week period beginning on Black Friday, the busiest shopping day of the year.

Gregg Steinhafel, Target chairman, president and chief executive officer, says: "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

The breach was first reported by security blogger Brian Krebs, who cites sources at two of the top ten credit card issuers in the US.

The breach may extend to "nearly all Target locations nationwide", and involves the theft of data stored on the magnetic stripe of cards used at the stores.

Using the stolen track data, crooks can create counterfeit cards by encoding the information onto any card with a magnetic stripe. "If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs," writes Krebs.

The crooks behind the scam have already started selling the haul on underground forums, with the price for the freshest card account data running at about $44 apiece.

Channels

Retail banking Security

Keywords

Eftpos

Comments: (2)

A Finextra member 20 December, 2013, 11:24

Be the first to give this comment the thumbs up

0 likes

If the USA had EMV live now, incidents of this nature and scale would not be happening.

Report abuse

Pat Carroll - ValidSoft - London 20 December, 2013, 15:02

0 likes

Once again we are sadly reminded of the vulnerability of businesses to data breaches, and we are left with 40 million customers fearing that their credit cards will be hijacked by fraudsters just in time for Christmas.

There has been a consistent rise in cyber-crime in the past few years, and traditional security solutions have proven to be inadequate to prevent this. So much so that it has become inevitable that, on occasion, card details will be stolen from businesses.

Whilst it is a difficult task indeed to prevent the theft of customer data, and we can expect to see instances such as these increase in 2014, the solution lies in real-time detection and prevention of the mis-use of such data to perpetrate fraud. The solutions exist to achieve this through low/no friction, real-time, context aware, multi-layered authentication models, which for the most part are totally invisible and intuitive.

This latest crime underlines once more the need for efficient, real-time, context-aware authentication and verification systems, but the security industry can only do so much. It remains the responsibility of financial institutions to implement these up-to-date systems and to protect their customers from future Christmases overshadowed by the fear of identity theft and payment card fraud