Target confirms up to 40 million credit and debit cards are at risk following Black Friday hack (update)

One of America's biggest retailers may have fallen to hackers

Target flickr http://www.flickr.com/photos/roadsidepictures/2923629922/

Retailers are an appealing target for hackers during the holidays, and Target may be learning that lesson the hard way. According to Krebs on Security, the US retail giant is investigating a major breach that could potentially involve "millions" of customer credit and debit card records. The sophisticated hack reportedly took place over several weeks — starting on Black Friday and possibly extending all the way through December 15th — and is said to involve "nearly all" Target stores in the United States.

Krebs says the breach "involves the theft of data stored on the magnetic stripe of cards used at the stores." Online orders are said to be unaffected. Still, it sounds like a worst-case scenario for Target and its shoppers, with Krebs writing:

The type of data stolen — also known as "track data" — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.

Thus far Target has offered no comment on the rumored breach, nor any direct confirmation of a hack. An anti-fraud analyst at a "top-ten US bank card issuer" made the situation sound dire, telling Krebs, "We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized." We have reached out to the company for more details.

Update: The Wall Street Journal is now independently reporting the breach, with details that match Krebs' initial story. A spokesperson for the US Secret Service has confirmed to the Associated Press that it is in fact investigating the incident.

Update 2: Target has now confirmed the data breach. Up to 40 million card accounts may have been affected between November 27th and December 15th. In a press release, the company says it "alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts."