Viewing on a mobile device? click here for our mobile version

   
 

December 19, 2013

       

 
   


Target's POS breach could have worldwide implications as one this size is absolutely an organized crime ring and will be quickly using those cards worldwide
  Here's the articles in chronological order to follow the story better:

Target Says Data Was Stolen From 40 Million Shoppers
Target confirmed Thursday morning that it was investigating a security breach involving stolen credit card and debit card information for 40 million of its retail customers. Target said that cybercriminals had accessed customer names, credit or debit card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped at its stores. (Source nytimes.com)

Target confirmed that criminals gained access to its customer information on Nov. 27  The day before Thanksgiving and just ahead of one of the busiest shopping days of the year — and maintained access through Dec. 15. Target said it had confirmed that its online customers were not affected by the breach, which appears to have been isolated to the point-of-sale systems in Target’s retail stores. Target said that cybercriminals had accessed customer names, credit or debit card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped at its stores. Immediately after discovering the breach, Target said, it alerted federal authorities and financial institutions, and is currently working with a third party forensics firm to conduct a thorough investigation. Brian Leary, a spokesman for the Secret Service, which investigates financial fraud, said the agency was investigating.



Target: 40 million credit cards compromised
The thieves reportedly gained access to data on the magnetic strips of shoppers' cards, potentially allowing them to produce counterfeit versions, according to Krebs. The thieves could also potentially withdraw cash from ATMs using counterfeit debit cards if they were able to intercept PIN data from Target, he said. (Source cnn.com)



Black Friday brings Target "Track Data" POS breach that may effect 40 million credit cards - could beat TJX's 2007 breach that impacted 45.7 million cards  According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores. Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that timeframe. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs. One credit card association said 1 million already impacted. (Source krebsonsecurity.com)

Target Nationwide Hit by Credit-Card Breach - Customers' Info May Have Been Stolen Over Black Friday Weekend  Target was hit by an extensive theft of its customers' credit-card and debit-card data over the busy Black Friday weekend, a brazen breach of the major retailer's information security. The company early Thursday confirmed a data breach may have affected about 40 million credit- and debit-card accounts between Nov. 27 and Dec. 15. Target said it alerted authorities and financial institutions immediately after it found out about the unauthorized access. It added that it is partnering with a forensics firm to conduct an investigation into the incident. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice," said Target CEO Gregg Steinhafel in a statement. The theft was national in scope and happened in stores, not online, and may have involved tampering with the machines customers use to swipe their cards when making purchases, people familiar with the matter said. (Source wsj.com)

Target's breach "may be continuing" according to a person involved in the investigation, who spoke on condition of anonymity  Cybercriminals appear to have focused on the point-of-sale systems in Target’s retail stores, which collect information from customers’ credit and debit cards, and potentially personal identification numbers, or PINs. To date, Target customers have not yet been made aware of the breach. Though state notification laws differ, most states require that companies notify customers of a breach if their names are compromised in combination with other information like a credit card, Social Security number or driver’s license number. (Source nytimes.com)

This D&D Daily Special Report sponsored by Vector Security
 

 

 
 

 
 

SUBSCRIBESU  update account      /     FEEDBACK    /      www.downing-downing.com     /     ADVERTISE WITH THE DAILY