Target falls victim to massive Black Friday hack, up to 40 million credit cards at risk

By on December 19, 2013, 11:15 AM
hacking, security breach, theft, black friday, target, credit cards

Millions of Target shoppers may have ultimately received a bit more than they bargained for during Black Friday. Data from as many as 40 million credit accounts belonging to holiday shoppers may have fallen victim to a sophisticated hack that reportedly took place over several weeks starting on Black Friday and extending through December 15.

The security breach was first reported by Krebs on Security and was later independently confirmed by the Wall Street Journal before Target issued an official statement on the matter. A spokesperson for the US Secret Service said they are currently investigating the incident.

According to Krebs, the type of data stolen is known as track data which is the data stored on the magnetic strip of credit and debit cards. This information allows thieves to create counterfeit cards by loading stolen data onto bogus cards. In the event the crooks were able to get PIN numbers, they could also make fake debit cards and use them to withdraw cash from ATMs.

It is believed that the hack involved nearly every Target store in the US. An anti-fraud analyst for a top-ten US bank card issuer told Krebs that they can’t say for sure that all stores were impacted but they do see customers all over the US that were victimized.

Target said they alerted authorities and financial institutions immediately after the breach was made aware. What’s more, Target said they are putting all appropriate resources behind the efforts.




User Comments: 11

Got something to say? Post a comment
Kneep said:

I'm perdy sure when you guys get out of the dark ages and into the new this won't happen (as easily), how is it most cards in Canada are chip and not in the US??

3 people like this | cliffordcooley cliffordcooley, TechSpot Paladin, said:

I'm perdy sure when you guys get out of the dark ages and into the new this won't happen (as easily)
Ironically if we were still in the dark ages as you say, it wouldn't have happened at all.

5 people like this | wastedkill said:

What can you say they must have been a target...

3 people like this | MilwaukeeMike said:

What can you say they must have been a target...

I don't know if that's the worst pun ever... or the best.

MilwaukeeMike said:

I'm perdy sure when you guys get out of the dark ages and into the new this won't happen (as easily)
Ironically if we were still in the dark ages as you say, it wouldn't have happened at all.

No, the ironic thing is that my bank is BMO (that's Bank of MONTREAL) so if my card gets hacked I can blame it on Canada.

1 person liked this | Skandranonsg Skandranonsg said:

If we were all using Bitcoin to pay, no such theft could occur. ;o

Ivan Filipovic Ivan Filipovic said:

Question is: What is the business reason to store Track2 data in the first place? Usual answer is that there is none and that it's done only for lame programming or some historic reason that is not relevant anymore.

Anyway, this is direct violation of basic principles of PCI DSS. Sensitive Authentication Data must not be stored, never, nowhere, by no one! If someone knows that it is stored it will be stolen eventually no matter how good it is protected.

I hope Target gets fined for this.

captaincranky captaincranky, TechSpot Addict, said:

Y'all need to swallow your pride and shop at Walmart.

Some lady was on the evening news bitching her bank canceled her credit card. So, with the amount of accounts compromised this is a huge expense for the banks to cancel 40,000,000 credit cards. Methinks they should start a class action suit against Target. (Pronounced, "Tar-jhey" .

Personally, I wouldn't be caught dead in Target on Black Friday. After I get done eating my turkey TV dinner, I jump in my car, and head to the Best Buy in Delaware. No tax, and $4.00, 1 hour shipping.

What can you say they must have been a target...

I don't know if that's the worst pun ever... or the best.

That was pretty darn punny.

Just think, it's now summarily legal for a store to charge additional when you use a credit card. So boys and girls, you might get fired up an extra couple of points to get your data ripped off.:oops:

1 person liked this | Skidmarksdeluxe Skidmarksdeluxe said:

What can you say they must have been a target...

You should be pun-ished for that remark like that by doing a bit of time in the pun-itentiary.

Guest said:

"You should be pun-ished for that remark like that by doing a bit of time in the pun-itentiary."

There is where the puns should stop.

captaincranky captaincranky, TechSpot Addict, said:

"You should be pun-ished for that remark like that by doing a bit of time in the pun-itentiary."

There is where the puns should stop.

And we should "pun-ish" guest punsters by giving them Captchas they can't possibly decipher

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.