Today retailer Target announced that between November 27 and December 15 its point-of-sale systems – the cash registers mounted at the check-out areas of its stores – suffered an attack that exposed an estimated 40 million credit and debit card numbers. The company announced that it has “alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts.” It said it has hired outside support to investigate the source and method breach.
Thieves made off with customer names, card numbers, as well as expiration dates and the three-digit CVV security code. Only customers who visited Target stores were compromised.
The company moved quite slowly on this breach. On December 12 Brian Krebs reported the first rumors of the attack, suggesting it consisted of a wholesale scraping of “track data,” the data found on each credit card magnetic track. Krebs suggests that the thieves may have broken into the stores’ wireless networks and grabbed the card information as it was transferred from the cash registers.
Target spokesperson Katie Boylan said that the compan is currently “working with authorities and a leading third-party forensics firm” and explained that it was an “ongoing investigation [and that] it was not appropriate to comment at this time.”
“Target put all the appropriate resources on the issue,” she said.
Breaches like these are not uncommon but it’s rare to find one so far-reaching. In 2009 a payment systems provider lost 130 million card numbers in an attack. However, this is one of the most high profile attacks to date.
Target recommends customers “remain vigilant for incidents of fraud and identity theft by regularly reviewing their account statements and monitoring free credit reports.”
No comments:
Post a Comment