A Little Credit Card Theft With Your Holiday Shopping: Target's Big Holiday Headache

By Tracey E. Schelmetic December 19, 2013

This holiday season, tens of millions of shoppers entered Target stores nationwide, filled up their carts, swiped their credit and debit cards and headed happily out the door. Meanwhile, hackers happily broke into Target’s network and stole their credit card numbers.

It’s enough to make Ebenezer Scrooge blush with shame.

The recent data breach potentially scammed millions of customer credit and debit card records, according to sources for the security Web site KrebsOnSecurity. This morning (December 19), Target issued a statement confirming the breach, saying it may have affected 40 million credit and debit cards used between November 27 and December 15, 2013: in other words, at the height of the holiday shopping season. It’s possible that nearly every Target location nationwide has been affected.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and CEO of Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

 It’s not only likely to be a headache for consumers, who have enough to worry about during the holidays, but it’s a huge black mark against Target, as well. The company says it has alerted authorities and financial institutions to ensure that they are aware of the unauthorized access, and is putting all appropriate resources behind these efforts, including a third-party forensics firm to investigate the breach.

KrebsOnSecurity notes that there are no indications at this time that the breach affected customers who shopped on Target’s Web site; it seems to be confined to physical store locations.

“The type of data stolen — also known as ‘track data’ — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe,” wrote Brian Krebs. “If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.”

It’s interesting to note that without a California law requiring companies to notify cardholders of data breaches, we as a nation might never have heard of this breach. There is no single federal law that requires companies outside of the healthcare and financial services sector to notify customers when their private data may have been exposed, and companies were traditionally reluctant to do so. A landmark California law enacted in 2003 began requiring all companies experiencing a breach of customer information to inform those customers. As a result, companies have been forced to let customers know their information was exposed. To date, 46 states have followed California’s example and passed state regulations requiring notification of customers of potentially compromised private data.  Alabama, Kentucky, New Mexico, and South Dakota remain the only states in which companies are not required to notify customers that their data has been exposed.

As with other retailer data breaches in the past, Target will likely direct shoppers to replace credit and debit cards and will provide free credit monitoring services to prevent unauthorized use of the cards. Shoppers who suspect unauthorized activity on their cards are being encouraged to contact Target at 866-852-8680.

Edited by Cassandra Tucker

TechZone360 Contributor

Related Articles

Compliance: Hope Is Not a Plan

By: Special Guest    8/1/2018

Internal misalignment between compliance and business teams can lead to major problems for organizations seeking to implement new digital communicatio…

Read More

Modern Moms Shaping Influence

By: Maurice Nagle    7/19/2018

Everyone knows Mom knows best. The internet is enabling a new era in sharing, and sparking a more enlightened, communal shopping experience. Mommy blo…

Read More

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More