Because it’s not the holidays without family, friends, gifts, reindeer, and news of a massive breach of credit and debit card records, the folks at Target are reportedly looking into the possibility that its customers’ information may have been compromised during the busiest shopping season of the year.
Cybersecurity expert Brian Krebs cites multiple sources at large credit card issuers who tell him that the retailer is investigating a potential data breach that appears to have begun on Black Friday, and which would impact nearly all of the store’s locations in the U.S.
Krebs’ sources say the alleged breach only lasted for about a week, but it’s recently been discovered that it may have continued until around Dec. 15. The total number of accounts affected by the hack is not known, but millions of people all over the country flooded Target stores during these weeks in preparation for the Christmas holiday.
He reports that the “track data” allegedly stolen from customers’ accounts allows the data thieves to create counterfeit cards by encoding that information onto any blank card with a magnetic strip. Debit cards would also be at risk if the hackers have access to PIN information for cardholders. Duplicated debit cards could be used to siphon cash directly from accounts via ATM.
It’s not yet known if the breach extends to Target.com customers.
“The breach window is definitely expanding,” one anti-fraud analyst at a bank card issuer tells Krebs. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”
Another analyst says that if the breach is as bad as it appears, it could be “up there with some of the largest retail breaches to date.”
As of hitting “Publish” on this post, Target has not responded to requests for comment.
by Chris Morran via Consumerist