A Little Credit Card Theft With Your Holiday Shopping: Target's Big Holiday Headache


This holiday season, tens of millions of shoppers entered Target stores nationwide, filled up their carts, swiped their credit and debit cards and headed happily out the door. Meanwhile, hackers happily broke into Target’s network and stole their credit card numbers.

It’s enough to make Ebenezer Scrooge blush with shame.

The recent data breach potentially scammed millions of customer credit and debit card records, according to sources for the security Web site KrebsOnSecurity. This morning (December 19), Target issued a statement confirming the breach, saying it may have affected 40 million credit and debit cards used between November 27 and December 15, 2013: in other words, at the height of the holiday shopping season. It’s possible that nearly every Target location nationwide has been affected.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and CEO of Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

 It’s not only likely to be a headache for consumers, who have enough to worry about during the holidays, but it’s a huge black mark against Target, as well. The company says it has alerted authorities and financial institutions to ensure that they are aware of the unauthorized access, and is putting all appropriate resources behind these efforts, including a third-party forensics firm to investigate the breach.

KrebsOnSecurity notes that there are no indications at this time that the breach affected customers who shopped on Target’s Web site; it seems to be confined to physical store locations.

“The type of data stolen — also known as ‘track data’ — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe,” wrote Brian Krebs. “If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.”

It’s interesting to note that without a California law requiring companies to notify cardholders of data breaches, we as a nation might never have heard of this breach. There is no single federal law that requires companies outside of the healthcare and financial services sector to notify customers when their private data may have been exposed, and companies were traditionally reluctant to do so. A landmark California law enacted in 2003 began requiring all companies experiencing a breach of customer information to inform those customers. As a result, companies have been forced to let customers know their information was exposed. To date, 46 states have followed California’s example and passed state regulations requiring notification of customers of potentially compromised private data.  Alabama, Kentucky, New Mexico, and South Dakota remain the only states in which companies are not required to notify customers that their data has been exposed.

As with other retailer data breaches in the past, Target will likely direct shoppers to replace credit and debit cards and will provide free credit monitoring services to prevent unauthorized use of the cards. Shoppers who suspect unauthorized activity on their cards are being encouraged to contact Target at 866-852-8680.

Edited by Cassandra Tucker

TechZone360 Contributor

Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More