US retailer Target has been hit by a huge security breach, with credit card data from up to 40 million customers being stolen at the height of the festive shopping season.
Information including customer names, credit or debit card numbers, card expiration dates and CVV three-digit security codes was stolen in the period between November 27th and December 15th, which included Black Friday, the biggest shopping day of the year. Only shoppers in physical stores were targeted, with web-based transactions remaining unaffected.
The theft from Target, the world’s 11th biggest retailer, is one of the largest data security breaches in the retail industry since 2007 when discount chain TJX Companies, owner of TJ Maxx in the US and TK Maxx in the UK, fell victim to fraudsters.
Target, has warned customers on its website that they should “remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports”.
According to security analysts, store check outs have increasingly become targets for cybercriminals in recent years.
John Kindervag, a principal analyst with Forrester Research, claimed: “This is a breach that should have never happened,” adding that the fact CVV codes were stolen suggests the company was storing them, something banned by card brands:
“Clearly by exposing CVV information Target has demonstrated a blatant disregard for . . . compliance regulations as well as card security best practices.”
Mark Rasch, a former U.S. prosecutor of cybercrimes commented:
“Most of these attacks are just a cost of doing business. But an attack that’s targeted against a major retailer during the peak of the Christmas season is much more than that because it undermines confidence.”
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more
