It looks like Christmas is being heralded with another massive credit/debit card hack. US retailer, Target, has issued a statement saying that its systems were breached between November 27th and up until December 15th.
The company said: “We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).”
A few days after making this statement Target admits that up to 40 million credit and debit card accounts may have been affected.
Update December 27th
Stolen Target card details for sale – between $20 and $100
- According to KrebsonSecurity card details have begun appearing on deep web sites, offered for anywhere between $20 and $100.
- Banks have begun lowering the spending limit on cards that may have been compromised with Chase Morgan leading the way by reducing ATM withdrawals to $100 and daily spending limits to $300.
- It appears that the breach was a result of malware planted on computer systems that linked the checkout desks.
And in a related aside a number of customers have filed lawsuits against Target claiming it was negligent in protecting their data. This is a uniquely American phenonmena, and for those of us outside of the States, it seems the move towards litigation is almost instinctive when anything goes wrong.
However, it’s not clear how much legal responsibility US companies have to protect this sort of data. Certainly, there’s limited judicial guidance on what constitutes negligence in the cyber security area.
At the end of the day, we all implicitly rely on the security of companies we do business with. But as the Target breach illustrates many companies are often outgunned by highly-motivated hackers. As such, given that much of lives are spent online we need to take our own steps to practice good online identity theft protection.
BullGuard has launched an Exclusive Holiday sale with 50% off leading products. It’s a great opportunity to get some of the best security around at a mega discount.
Plundering bank accounts – the direct effect of Target hacking
The concern is that the stolen data will be put up for sale on the deep web and/or used to create counterfeit credit and debit cards. And of course it’s highly likely that some back accounts will be plundered fairly quickly.
The hack doesn’t appear to have affected online shoppers. Rather the data appears to have been stolen from the magnetic strips on the cards. And apparently, it extends to most Target stores, over 1,000, but not all of them. This suggests, though we don’t know for certain, that an electronic payment system network that collects these details and sends them to the company’s servers has somehow been breached.
Identity theft protection
Target says it has identified and rectified the problem without providing any details, but that still leaves 40 million card details exposed. This is not the first and it certainly won’t be the last large scale credit/debit card hack. Clearly, in cases like this it pays to keep a close eye on your account and also practice good online identity theft protection.
The scale of the breach puts Target up there with TJX Companies (which owns TK Maxx in the UK) and Heartland Payment Systems. These two companies hold the dubious distinction of being victim to some of the largest hacks to date. Data from 45 million customer credit and debit card details were lifted from TJX Companies and Heartland Payment Systems, which processes card payments, lost data from 130 million cards.
With TJX Companies, hackers broke into the store’s wireless networks as a means of accessing systems at its HQ where payment data was stored. In Heartland’s case, an internal card processing network was hacked and malicious software installed that allowed the hackers to steal card data.
Target is the second-largest retailer in the US behind Wal-Mart. It’s been around for over 100 years and sells just about everything you’d expect of a US retailing giant from electronic goods to clothes, food, toys, and hardware and gardening equipment.