A Little Credit Card Theft With Your Holiday Shopping: Target's Big Holiday Headache


This holiday season, tens of millions of shoppers entered Target stores nationwide, filled up their carts, swiped their credit and debit cards and headed happily out the door. Meanwhile, hackers happily broke into Target’s network and stole their credit card numbers.

It’s enough to make Ebenezer Scrooge blush with shame.

The recent data breach potentially scammed millions of customer credit and debit card records, according to sources for the security Web site KrebsOnSecurity. This morning (December 19), Target issued a statement confirming the breach, saying it may have affected 40 million credit and debit cards used between November 27 and December 15, 2013: in other words, at the height of the holiday shopping season. It’s possible that nearly every Target location nationwide has been affected.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and CEO of Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

 It’s not only likely to be a headache for consumers, who have enough to worry about during the holidays, but it’s a huge black mark against Target, as well. The company says it has alerted authorities and financial institutions to ensure that they are aware of the unauthorized access, and is putting all appropriate resources behind these efforts, including a third-party forensics firm to investigate the breach.

KrebsOnSecurity notes that there are no indications at this time that the breach affected customers who shopped on Target’s Web site; it seems to be confined to physical store locations.

“The type of data stolen — also known as ‘track data’ — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe,” wrote Brian Krebs. “If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.”

It’s interesting to note that without a California law requiring companies to notify cardholders of data breaches, we as a nation might never have heard of this breach. There is no single federal law that requires companies outside of the healthcare and financial services sector to notify customers when their private data may have been exposed, and companies were traditionally reluctant to do so. A landmark California law enacted in 2003 began requiring all companies experiencing a breach of customer information to inform those customers. As a result, companies have been forced to let customers know their information was exposed. To date, 46 states have followed California’s example and passed state regulations requiring notification of customers of potentially compromised private data.  Alabama, Kentucky, New Mexico, and South Dakota remain the only states in which companies are not required to notify customers that their data has been exposed.

As with other retailer data breaches in the past, Target will likely direct shoppers to replace credit and debit cards and will provide free credit monitoring services to prevent unauthorized use of the cards. Shoppers who suspect unauthorized activity on their cards are being encouraged to contact Target at 866-852-8680.

Edited by Cassandra Tucker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributor

Related Articles

View the Masters Tournament from New Perspective Provided by IBM

By: Greg Tavarez    3/30/2023

IBM and the Masters introduced two innovative new features as part of the Masters app and Masters.com digital experience.

Read More

Small Businesses Gain Confidence with Mastercard Easy Savings on McAfee Security Solutions

By: Greg Tavarez    3/29/2023

McAfee and Mastercard expanded their partnership to offer Mastercard Business cardholders automatic savings on online protection solutions from McAfee…

Read More

Through OpenAI Plugins, ChatGPT Can Officially Access the Internet

By: Alex Passett    3/28/2023

OpenAI released plugin features for ChatGPT that enable it to connect to third-party sites, in essence granting it access to the internet past its pre…

Read More

Complete Guide to Passwordless Login

By: Contributing Writer    3/27/2023

Passwordless login is a security method that eliminates the need for traditional passwords by using alternative means to verify a user's identity. Thi…

Read More

What the Fall of Silicon Valley Bank Means for the Future of Venture Capital

By: Special Guest    3/27/2023

With a projected recession on the horizon, venture capitalists were already pulling back on new investments and concentrating on solidifying their exi…

Read More