BreachExchange mailing list archives
Target Says Data for 40 Million Shoppers Was Stolen
From: Jake <jake () riskbasedsecurity com>
Date: Thu, 19 Dec 2013 12:33:44 -0500
http://www.nytimes.com/2013/12/20/technology/target-stolen-shopper-data.html?hpw&rref=business&_r=0

SAN FRANCISCO — Target confirmed Thursday morning that it was investigating a security breach involving stolen credit card and debit card information for 40 million of its retail customers.

In a statement, Target said that criminals gained access to its customer information on Nov. 27 — the day before Thanksgiving and just ahead of one of the busiest shopping days of the year — and maintained access through Dec. 15.

“As of Dec. 15, we identified an unauthorized access and were able to resolve the issue,” Molly Snyder, a Target spokeswoman, said in an email.

A security blogger, Brian Krebs, first reported the breach on Wednesday.

Target said that criminals had stolen customer names, credit or debit card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped at its stores. The company noted that online customers were not affected by the breach, which appeared to have been isolated to the point-of-sale systems in Target’s retail stores.

Immediately after discovering the breach, Target said, it alerted federal authorities and financial institutions, and is currently working with a third-party forensics firm on an investigation. Brian Leary, a spokesman for the Secret Service, which investigates financial fraud, said the agency was investigating.

Target advised its store customers to scan their credit and debit accounts for unauthorized transactions and check their credit reports.

“We take this matter very seriously and are working with law enforcement to bring those responsible to justice,” Gregg W. Steinhafel, Target’s chairman and chief executive, said in a statement.

Point-of-sale systems have become a major target for cybercriminals in recent years. By breaching point-of-sale systems, they can steal the so-called track data on credit and debit cards, which can be sold, in bulk, on the black market and used to create counterfeit cards.

A similar breach affected Barnes & Noble stores last year. Last year, criminals also breached Global Payment Systems, one of the biggest card transactions processors.

The biggest known security compromise to date was an attack at Heartland Payment Systems, another credit card processor, in 2009. Criminals used malware to break into the company’s internal network and steal data for 130 million cards.

In such cases, security experts said a company insider could have inserted malicious software into a company machine, or persuaded an unsuspecting employee to click on a link that downloaded software giving criminals a foothold into a company’s systems.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com

Supporters:
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.