Target And Its Customers Fall Victim To Holiday Security Breach

By Anna Rose Welch, Editorial & Community Director, Advancing RNA

Incident has left millions of cardholders vulnerable

It’s the season of giving, however, what retailer Target and its customers didn’t realize was that they were the victims of a major credit card attack, unwillingly giving criminals access to about 40 million accounts and personal credit card information. The breach occurred between November 27 and December 15 — at the height of the holiday shopping season. Target CEO Gregg Steinhafel says in a statement, “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence … We take this matter very seriously and are working with law enforcement to bring those responsible to justice.” So far, the Secret Service has announced it is investigating the incident, and Target is working with authorities and financial institutions to resolve the issue.

The breach is said to have affected those who visited bricks-and-mortar stores. There are no indications currently that the breach has affected customers who completed purchases online. According to Krebs on Security, this breach involved the theft of “track data,” which would enable the crooks to create counterfeit cards by encoding the stolen information onto another card with a magnetic strip. If customers’ pin numbers were compromised, it could also be possible for the thieves to access a customer’s account through an ATM and withdraw cash.

Over the years, cybercriminals have used a variety of tactics to target point of sale systems and steal customers’ credit card data. Michael Sutton, VP of the security company ZScaler says, “Criminals go where the money is. Typically, criminals will steal credit card information and then sell it. There’s a very elaborate economy built around this type of crime. That’s a very valuable asset that can be obtained completely through remote Internet access.” Experts are advising those who shopped at Target this holiday season to keep an eye on their accounts for unauthorized transactions and to change the pins to their debit accounts to be safe.

Considering Target is one of the largest retailers in the United States, it becomes clear, as Sutton puts it, “No one is immune.” To date, one of the largest security breaches on record took place in 2009 when cybercriminals targeted Heartland Payment systems and, with the help of malware, gained data for 130 million cards. In 2007, an incident affected over 90 million credit and debit cardholders shopping at T.J. Maxx and other discount chains. However, more recently, retailer Barnes and Noble reported that customers who had shopped in 63 of their stores in a variety of different states had fallen victim to “a sophisticated criminal effort.” In this particular incident, the criminals has planted bugs in the stores PIN pads, enabling the criminals to lift credit card and PIN numbers.  Online transactions through the store’s website and through the Nook reader and apps were unaffected.

PCI compliance to protect your business from data breach

Want to publish your opinion?
Contact us to become part of our Editorial Community.