Retail giant Target Corp. has confirmed its cash registers have been hacked, exposing about 40 million credit and debit card numbers.
The thieves managed to get customer names, card numbers, expiration dates, and the three-digit CVV security codes printed on most credit cards and debit cards from Target’s point-of-sales system. Only customers who visited Target’s brick-and-mortar stores were compromised.
In an announcement earlier today, the U.S.-based retailer said it had informed authorities and financial institutions, writes John Biggs for TechCrunch. However, there’s still no word on how the breach happened. In the meantime, Target has hired third-party forensic investigators to find out how it was done.
However, Biggs writes Target moved slowly on the breach. The first rumours of the attack started cropping up last week, when cybersecurity journalist Brian Krebs broke a story on how the thieves may have broken into Target stores’ wireless networks and scraped “track data,” the data that lives on each credit card’s magnetic track.
“Loss of the track information from the credit cards is particularly nasty as it can allow for card cloning. That said, just the cardholder’s name, card and security code has the potential for widespread online ordering fraud which can be particularly nasty considering we’re in the midst of the holiday season,” said James Lyne, global head of security research at data protection company Sophos Inc., in an interview with Biggs.
Data breaches aren’t exactly rare – in 2009, U.S. payment solutions provider Heartland Payment Systems Inc. lost 130 million card numbers in an attack, substantially more than Target. However, Biggs notes this is one of the most notable attacks to surface in a while.
When Biggs reached out to Target for comment, Target spokesperson Katie Boylan said the company was in an “ongoing investigation [and that] it was not appropriate to comment at this time … Target put all the appropriate resources on the issue.”
In the meantime, Target is telling its customers to stay “vigilant for incidents of fraud and identity theft.” It’s asking them to monitor their account statements and to use free credit reports.
Click the “Original Source Article” link for more.