40m Target customers hit by card data security breach

US retailer Target has been hit by a huge security breach, with credit card data from up to 40 million customers being stolen at the height of the festive shopping season.

Information including customer names, credit or debit card numbers, card expiration dates and CVV three-digit security codes was stolen in the period between November 27th and December 15th, which included Black Friday, the biggest shopping day of the year. Only shoppers in physical stores were targeted, with web-based transactions remaining unaffected.

The theft from Target, the world’s 11th biggest retailer, is one of the largest data security breaches in the retail industry since 2007 when discount chain TJX Companies, owner of TJ Maxx in the US and TK Maxx in the UK, fell victim to fraudsters.

Target, has warned customers on its website that they should “remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports”.

According to security analysts, store check outs have increasingly become targets for cybercriminals in recent years.

John Kindervag, a principal analyst with Forrester Research, claimed: “This is a breach that should have never happened,” adding that the fact CVV codes were stolen suggests the company was storing them, something banned by card brands:

 “Clearly by exposing CVV information Target has demonstrated a blatant disregard for . . . compliance regulations as well as card security best practices.”

Mark Rasch, a former U.S. prosecutor of cybercrimes commented:

“Most of these attacks are just a cost of doing business. But an attack that’s targeted against a major retailer during the peak of the Christmas season is much more than that because it undermines confidence.”


Related reading

Leave a comment

Comments RSS TrackBack 2 comments