A Little Credit Card Theft With Your Holiday Shopping: Target's Big Holiday Headache

By

This holiday season, tens of millions of shoppers entered Target stores nationwide, filled up their carts, swiped their credit and debit cards and headed happily out the door. Meanwhile, hackers happily broke into Target’s network and stole their credit card numbers.

It’s enough to make Ebenezer Scrooge blush with shame.

The recent data breach potentially scammed millions of customer credit and debit card records, according to sources for the security Web site KrebsOnSecurity. This morning (December 19), Target issued a statement confirming the breach, saying it may have affected 40 million credit and debit cards used between November 27 and December 15, 2013: in other words, at the height of the holiday shopping season. It’s possible that nearly every Target location nationwide has been affected.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and CEO of Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

 It’s not only likely to be a headache for consumers, who have enough to worry about during the holidays, but it’s a huge black mark against Target, as well. The company says it has alerted authorities and financial institutions to ensure that they are aware of the unauthorized access, and is putting all appropriate resources behind these efforts, including a third-party forensics firm to investigate the breach.

KrebsOnSecurity notes that there are no indications at this time that the breach affected customers who shopped on Target’s Web site; it seems to be confined to physical store locations.

“The type of data stolen — also known as ‘track data’ — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe,” wrote Brian Krebs. “If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.”

It’s interesting to note that without a California law requiring companies to notify cardholders of data breaches, we as a nation might never have heard of this breach. There is no single federal law that requires companies outside of the healthcare and financial services sector to notify customers when their private data may have been exposed, and companies were traditionally reluctant to do so. A landmark California law enacted in 2003 began requiring all companies experiencing a breach of customer information to inform those customers. As a result, companies have been forced to let customers know their information was exposed. To date, 46 states have followed California’s example and passed state regulations requiring notification of customers of potentially compromised private data.  Alabama, Kentucky, New Mexico, and South Dakota remain the only states in which companies are not required to notify customers that their data has been exposed.

As with other retailer data breaches in the past, Target will likely direct shoppers to replace credit and debit cards and will provide free credit monitoring services to prevent unauthorized use of the cards. Shoppers who suspect unauthorized activity on their cards are being encouraged to contact Target at 866-852-8680.




Edited by Cassandra Tucker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More