US retail giant Target is investigating a security breach that could turn out to be one of the biggest ever, involving compromised payment card information of millions of its customers.
News about the breach were first shared by anonymous sources with investigative journalist Brian Krebs on Wednesday. They say that it all started just after this year’s Thanksgiving (last few days in November) and lasted until at least December 6, it not more.
Target is one of the biggest American retail companies, with over 1,900 of sales locations in the US and in Canada.
Apparently the attackers managed to compromise Point-of-Sale terminals at a considerable number of those brick-and-mortar shops all over the US, just in time to take advantage of the Black Friday and Cyber Monday sales following Thanksgiving, and the shopping sprees that happen in the weeks before the winter holiday season.
According to the sources, at least 1 million cards’ Track 2 data (card / account number, expiry date, service code) is though to have been stolen. It’s unknown whether PIN codes were also compromised.
It’s also still unknown whether Target online shoppers were affected by the breach.
Target is yet to comment on the matter, and to notify potentially affected customers.
According to reports, the breach is also being investigated by major card companies and the US Secret Service.
Users who did their shopping at Target during the aforementioned period would do well to check their credit and debit card reports closely for the foreseeable future in order to spot unauthorised charges as soon as possible and dispute them.
Target has confirmed the breach with a public statement, saying that they are aware of the breach, that they have identified and resolved the issue, and that they are working with law enforcement “to bring those responsible to justice.”
“Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013,” they confirmed, adding that they have alerted authorities and financial institutions immediately after they were made aware of the unauthorized access, and that they have partnered with a leading third-party forensics firm to conduct a thorough investigation of the incident.