December 19, 2013
Hackers Hit Target Retail Stores Amidst Holiday Shopping
Enid Burns for redOrbit.com - Your Universe Online
Target confirmed on Thursday that hackers gained unauthorized access to payment card data. The big box retailer said the issue has been identified and resolved, according to a corporate statement released about the security breach.
The hack attack may impact certain Target customers who have used either credit cards or debit cards to purchase goods in Target's US stores. The retailer is working with law enforcement and financial institutions to address the matter.
"Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer, Target, in a corporate statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
The breach only affects customers who shopped at Target between November 27 and December 15. Target advises customers should check accounts for suspicious or unusual activity. "If you see something that appears fraudulent, REDcard holders should contact Target, others should contact their bank," it says in the FAQ provided by Target.
Only customers in the US were affected. The breach was national in scope, and affects in-store transactions, not online purchases. TheSecret Service is also involved in the investigation, according to a Target spokesperson who was unable to discuss details of the incident while the investigation was ongoing.
It is estimated by the retailer that as many as 40 million credit and debit card accounts were impacted between November 27 and December 15. Once the breach was discovered, Target alerted authorities and financial institutions. Target is partnering with a third-party forensics firm to conduct a thorough investigation of the incident.
Target has 1,797 stores in the United States. The breach affected roughly 40,000 card devices at store registers, according to the Wall Street Journal. Hackers were able to collect data stored on the magnetic strip of credit and debit cards. Data collected from the strip, such as account numbers and expiration dates, can be used to make counterfeit cards.
The speed and breadth of the breach was unprecedented, Reuters reports. The timing is less than ideal for a retailer trying to bring customers in and ring up sales during the holiday season.
"Most of these attacks are just a cost of doing business," said Mark Rasch, a former US cyber crimes prosecutors. "But an attack that's targeted against a major retailer during the peak of the Christmas season is much more than that because it undermines confidence."
Target set up a special page on its website to provide information to those customers affected by the breach. Customers are warned that the incident included customer name, credit or debit card number, and the card's expiration date. It also included the CVV, or the three-digit security code that appears on the back of credit cards. The CVV is often used to make non-present purchases such as charges for purchases made online. Therefore the credentials are enough to apply fraudulent charges to credit cards without immediately raising red flags.