Announcement

Collapse
No announcement yet.

Target Stores breached -- millions of credit & debit cards at risk

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Target Stores breached -- millions of credit & debit cards at risk

    http://krebsonsecurity.com/2013/12/s...g-data-breach/

    Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day the year.

    According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.
    Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment.


    Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s main street stores during that timeframe.


    “The breach window is definitely expanding,” said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”

    We shop at Target frequently. Changing your on line password isn't going to fix this for you. Your bank or credit card company will have to issue you a NEW credit or debit card with a different PIN number and code number.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Now you know why they are called 'Target'!! I don't shop there.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Add one more to the list of 4,088 reported breaches since January 2005, affecting 621,955,664 records...

      Comment


        #4
        Originally posted by SteveRiley View Post
        Add one more to the list of 4,088 reported breaches since January 2005, affecting 621,955,664 records...
        That list is terrifying.

        Comment


          #5
          So we take all these precautions with our computers to secure our data, and our brick and mortar transactions, at least to the point of handing over a physical credit card, are breached. Only answer is to pay cash, and maybe live in a cave. And that may only be a partial answer. As long as there are crooks, and there always have been we are at risk. It becomes a matter of mitigation of those risks, and a balance between convenience and safety.
          Linux because it works. No social or political motives in my decision to use it.
          Always consider Occam's Razor
          Rich

          Comment


            #6
            Originally posted by richb View Post
            So we take all these precautions with our computers to secure our data, and our brick and mortar transactions, at least to the point of handing over a physical credit card, are breached. Only answer is to pay cash, and maybe live in a cave.
            I will once again have to state my disagreement with this point of view - at least as far as credit cards are concerned. My belief is that with cash vs. credit card, the risk of financial loss is much greater carrying cash than credit cards.

            A couple years ago, my credit card number was pilfered in the old fashioned way - stolen by a member of the staff at a restaurant we visited while out of town. My bank called me a few days after our return and asked me to verify some charges. I did not; so the charges were reversed and my card re-issued within the week with a new number.

            What did this cost me? Nothing. A modicum of inconvenience in exchange for the endless convenience of have my purchases warranted, free plane tickets from accumulated miles (it's an airline card), a large emergency fund at the ready in case of a real emergency, travel insurance, rental car insurance, etc. Had I been using cash this would not have happened of course. But what if you misplace or have your wallet stolen or your house burns down with your cash and credit cards in it? Your credit cards are safe (canceled and replaced). Your cash is gone - forever. What risk am I taking on by using credit cards? My bank now even protects me against debit card fraud in the same way credit card companies do.

            So who suffers when credit card numbers are stolen? Merchants who fail to properly ID or verify the person with whom they are transacting with, that's who. The idea that we are at some great risk when things like this occur is mostly poppycosh. Fear-mongering not unlike those ads for home security systems.

            Interesting point to consider: all this "big data" scofflaw of late is related to this issue. Credit card companies track our use patterns to glean when fraud may be occurring and this is what protects them from liability, and thus allows them to offer us protection from fraud. Interesting. Of course, what else they do with that sort of data is what's usually at issue.

            Please Read Me

            Comment


              #7
              You were lucky. If the pilferers are smart and I would say many are, they would not make purchases that are suspect. Of course with a large breach as this the issuers will be alerted, and the users alerted so damage can be lessened. But credit card fraud is still a large issue for many people..

              http://www.statisticbrain.com/identi...ud-statistics/

              EDIT: By the way, I am sure you would agree with me that anecdotal evidence is not dispositive argument.
              Last edited by richb; Dec 19, 2013, 10:07 AM.
              Linux because it works. No social or political motives in my decision to use it.
              Always consider Occam's Razor
              Rich

              Comment


                #8
                I'm not sure how luck has anything to do with it. I was in Long Beach and the charges were made in another city. My card issuer doesn't make me pay anything for fraudulent use.

                The point I was trying to make is that no matter how much someone who steals my credit card charges, I am not responsible for the amount - because it's fraud. The credit card companies act like they're "protecting" you, but the law does that. They're only protecting themselves. You'll note that the "total financial loss" stated does not say whose loss it was. I'd bet a very small percentage is the consumer level. Most credit card issuers limit your fraud exposure to $50 and many are now $0.

                Identity theft is not the same as credit card theft. I could leave my credit card on a park bench and not "lose" anything. Any merchant who accepts the charge card without verification would be on the hook, not me. More concerning than someone having my credit card number is the number of merchants who now accept charges under a certain level without any ID check - I assume with the agreement of the card companies themselves. The risk they're accepting must bu just another cost of doing business. I suppose since the card holder is likely responsible for the first $50, those small transactions aren't worth the time to make them safer.

                Granted, the over-all losses are returned to use through higher costs and rates, but that's another argument
                Last edited by oshunluvr; Dec 19, 2013, 12:08 PM.

                Please Read Me

                Comment


                  #9
                  Well I disagree on the whole premise. As you stated we all pay for credit card fraud. But there are other consequences as well.
                  Victims suffer Most victims suffer little more than the inconvenience of having to replace their credit and debit cards.
                  But when a stolen identity is used to apply for additional lines of credit, the victim can spend years trying to resolve bad debt run up by thieves in their names. Some struggle to borrow money because of the damage to their credit scores. Others have been forced to file bankruptcy and lose their homes.
                  http://www.usatoday.com/story/money/...owing/2082179/

                  I'm not sure how luck has anything to do with it. I was in Long Beach and the charges were made in another city. My card issuer doesn't make me pay anything for fraudulent use. -- Anecdotal
                  Personally I do not want my credit card information in the hands of thieves or made public. What is the point of secure websites if there is no concern.
                  Linux because it works. No social or political motives in my decision to use it.
                  Always consider Occam's Razor
                  Rich

                  Comment


                    #10
                    Since you read the article you linked to, you must have read the parts that stated businesses take most of the losses and that banks have made the fraud "painless" for most consumers - my points exactly. Fear mongering sells newspapers. I see few if any actual facts in that story at all. With the exception of a single story, the entire article is anecdotal and devoid of actual statistics. For example: out of the nearly 1.3 million bankruptcies in 2012 in the US, how many are due to identity theft or credit fraud? I doubt many, otherwise they would have used that data to further increase the "fear factor."

                    As I stated, identity theft isn't the same as credit card fraud, although one sometimes begets the other. Nor did I advocate publicly exposing credit card numbers and or suggest that websites need not be as secure as possible. I submit that the idea that one would be somehow "safer" using only cash is not based on logic or reality. There are many legitimate and sensible ways to make your financial life safer but mattresses and coffee cans aren't among them. I'm not saying that care and concern are unwarranted, just that the "cash and caves" approach is like driving a thumb tack with a sledge hammer.

                    Please Read Me

                    Comment


                      #11
                      And my point was supported by the quote I included about victims suffering.

                      We have reached the point where we should agree to disagree.
                      Last edited by richb; Dec 19, 2013, 12:55 PM.
                      Linux because it works. No social or political motives in my decision to use it.
                      Always consider Occam's Razor
                      Rich

                      Comment


                        #12
                        Agreed...

                        ...I think.

                        Please Read Me

                        Comment


                          #13
                          Since my wife and I have shopped at the Target store less than a mile south of us several times since Thanksgiving, this morning we went to our bank and got our debit cards replaced. Free of charge. The branch manager was calling all of her friends and family telling them to get new cards with new numbers and PINs. Apparently the bank is going to email/mail all debit card users soon.
                          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                          – John F. Kennedy, February 26, 1962.

                          Comment


                            #14
                            Heard on the radio this evening, that the hackers were able to gain access to the actual POS (Point of Sales) of the Target stores, capturing the credit card swipes as the purchases were being recorded!
                            Windows no longer obstructs my view.
                            Using Kubuntu Linux since March 23, 2007.
                            "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                            Comment


                              #15
                              Yeah they were accessing the stripe itself .... :0

                              woodsmoke

                              Comment

                              Working...
                              X