Target Corp. acknowledged early Thursday that there was a massive security breach of its customers’ credit and debit card accounts starting the day before Thanksgiving and extending at least to Dec. 15 — the heart of the holiday shopping season.
“Approximately 40 million credit and debit card accounts may have been impacted,” the retailer said. The hacking involved not only Target-issued cards but those from other issuers as well. The size of the breach puts it in the upper echelon of recent hackings into consumers’ payment accounts. As The Wall Street Journal reminds readers:
“One of the biggest incidents to hit the industry took place in 2007, when thieves stole card numbers and personal data on up to 90 million cards belonging to people who had shopped at stores owned by TJX, parent of T.J. Maxx, HomeGoods and other discount chains.
“In July, federal prosecutors unsealed criminal charges in an ongoing investigation of a group of people believed to have stolen more than 160 million credit and debit card numbers from companies including J.C. Penney Co., 7-Eleven, Nasdaq OMX Group, JetBlue Inc. and others over several years.”
The data breach at Target was first reported by Brian Krebs, an independent journalist who focuses on security news and blogs at Krebs on Security.
According to Minneapolis’ Star Tribune:
“A spokeswoman for American Express confirmed the breach in an interview with the Star Tribune, and the Secret Service confirmed to The Wall Street Journal and the Associated Press that it has begun its own investigation.”
In its Thursday statement, Target says it has “resolved the issue” and is working with authorities “to bring those responsible to justice.” The retailer has 1,797 stores in the U.S. and 124 in Canada.
The Star Tribune notes that:
“Thieves in possession of account numbers could use the information to make counterfeit credit cards and, if the personal identification numbers for the cards were also intercepted, the phony cards could be used to withdraw cash from ATMs.
“Consumers should watch their card statements for bogus charges and notify their banks if they see any so they won’t be liable.”
Krebs reports that “there are no indications at this time that the breach affected customers who shopped at Target’s online stores.” The targets appear to have been customers who went to one of the retailer’s brick-and-mortar locations.