Massive Hack Attack on Target: Data Stolen from 40M Cards

Cybercriminals put a bullseye on Target, then hit it. The retailing giant is reporting hackers may have tapped into as many as 40 million accounts of consumers who shopped at its stores between Nov. 27 and Dec. 15.

Target acknowledged the hack on Thursday, calling it EUunauthorized access to Target payment card data.EU The retailer is recommending consumers review their account statements and credit reports to monitor for fraud. The company was quick to apologize, with EUdeep regretEU for any inconvenience it may cause and assured consumers it takes privacy and security seriously.

EUWe are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,EU the company said in a statement. EUAdditionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.EU

Heartland Revisited?

We caught up with Aaron Titus, CPO and general counsel at Identity Finder, a sensitive data management solution provider, to get his take on the breach. He told us EUtrack data,EU which is the data in question in the Target incident, is extra sensitive data physically stored on a credit card magnetic stripe, in addition to the card number, expiration date and verification code.

EUAlthough skimmers -- physical devices that steal track data from point-of-sale machines in stores -- can collect track data, it is extremely unlikely that hackers could have installed skimmers in Target stores across the country,EU he said.

At this point, he continued, it seems most likely that TargetEUs centralized card processing network was compromised with some sort of malware that stole track data, much like the 2009 Heartland Payment Systems breach.

EUOrganizations that...

Comments are closed.