Thursday, December 19, 2013

Target still mum on massive point-of-sale hack as far back as Black Friday, affecting up to 1800 stores, debit and credit cards

UPDATE: Finally, after being outed by Krebs and ensuing news reports, Target has admitted to reporters what it has known for some time: that its security breach is massive and may affect tens of millions of people.
     But there is nothing at the front page of and searching for "credit card security breach" at Target's web site yields nothing relevant to the search.

From "multiple reliable sources" via Krebs On Security:
     The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day the year.
     According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.
     Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment.
     There are no indications at this time that the breach affected customers who shopped at Target’s online stores. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.
USA Today says the Secret Service is investigating.

No comments:

Post a Comment