Target retailer investigating data breach involving 40M card accounts

Pierluigi Paganini December 20, 2013

US retailer Target is investigating a data breach potentially involving millions of customer credit and debit card data occurred during holiday shopping.

Nearly 40 Million credit and debit card accounts belonging to customers of American retailing company Target may have been stolen during the traditional holiday shopping season.

The news has been provided by the company with a public statement published, all the users who have shopped at Target’s stores during the Black Friday weekend are advised.

“We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013.” ” Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.” states the advisory.

At risk are all those customers who made purchases by swiping their cards at terminals in the stores of the Target company during the above period.

Credit and debit card numbers are precious commodities sold in the underground, numerous black markets offer them to criminal gangs that need to prepare bogus cards for scams.

Just to provide you an idea of the value of a similar information I report the price list from the study proposed by security experts Stewart from Dell SecureWorks and independent researcher David Shearhave who explored online underground marketplace for stolen data.

Target price list card underground


target store

As usual, the excellent Brian Krebs of KrebsOnSecurity produced a detailed description of the events clarifying that the possible victims of the alleged data breach don’t include online shoppers.

Target hasn’t provided further information on the incident, but anyway it has reassured its customers announcing that it has fixed the issue that caused the problem and credit card account holders can continue shopping.

KrebOnSecurity remarked that it’s not clear how many card thieves may have stolen in the breach, but sources from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million of cards total from both issuers that were thought to have been compromised in the breach.

“A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.” ” reported Brian Krebs.

This period of the year is very profitable for cyber criminals due to the intensification of shopping activities, due this reason it is necessary to adopt all necessary measures to stay secure.

As suggested in the statement issued by Target it is necessary to “remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports” , to early discover ongoing illegal activities.

If users discover any suspicious activity on their accounts it is indispensable to immediately report to law enforcement and financial institutions.

In the specific case, it is suggested to the customers of Target to contact the Federal Trade Commission (“FTC”) or law enforcement to report incidents of identity theft

“To learn more, you can go to the FTC’s Web site, at, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.”

Just for curiosity it is interesting to highlight that company’s stock was down more than 2 percent in afternoon trading.

The breach appears comparable to the one occurred in 2007 to TJ Maxx parent TJX Companies when sensitive data on 45.7 million credit card accounts was harvested from compromised systems within the retailer’s network.

The TJX company spent years rebuilding its reputation and total damage was estimated to be more than  $256m.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  Target, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment