Cyber Crooks Target Millions of Holiday Shoppers
Online thieves stole credit and debit card data from roughly 40 million customers who shopped at Target stores nationwide during the holiday spending blitz, the retail chain has acknowledged. Since then, investigators have been trying to determine the extent and the source of the breach.
Target announced in late December that the stolen data included customer names, credit and debit card numbers, card expiration dates and card verification value, or CVV. The company said it is working with the U.S. Department of Justice and the Secret Service.
Although the hackers took encrypted PIN data, “we remain confident that PIN numbers are safe and secure,” the chain said in a statement issued Dec. 27. The news release also said that the “key” needed to decrypt the compromised PIN numbers does not exist within Target’s network and therefore could not have been stolen in the data breach. Only the credit and debit card processing companies have access to the “key.”
“The most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken,” according to the Minneapolis, Minn.-based company, which reported $72 billion in sales in 2012.
However, at least two major banks temporarily lowered the caps on their customers’ credit and debit card transactions after the Target breach. Gartner analyst Avivah Litan told Reuters that such a move was “really extreme” and indicates that the banks are concerned about fraudulent cash withdrawals.
The breach occurred at Target’s almost 1,800 stores in the United States, meaning Target.com and the chain’s 124 Canadian stores were not affected. The breach is believed to have involved thousands of card-reader devices used at store registers, according to an article in The Wall Street Journal.
Security experts advise anyone who shopped at Target during the affected time period – Nov. 27 to Dec. 15 – to continue to scrutinize their bank and credit card statements for unauthorized activity. A spokeswoman for LastPass, a password security company, recommended that Target shoppers change their debit card PINs.
“You should also consider getting your cards replaced if you know you shopped at Target during that time,” spokeswoman Amber Gott told Mashable.
Target also has issued a series of tips for its customers, including: request a free credit report; and do not provide a PIN or Social Security number if requested to do so by someone purporting to be a Target representative.