Target confirmed today that it experienced a security breach between November 27 and December 15, and as many as 40 million credit and debit card accounts might have been compromised. In a twist though, the hack occurred in-store.
According to Krebs on Security, the breach involved theft of data stored on the magnetic stripes of bank cards. "The type of data stolen — also known as 'track data' — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe," the site explains. "If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs."
Although the news was made official today, it would appear as if some banks were made aware of the potential breach before that; one of our staffers received an automatic reissue of her debit card on December 13, the same day that Krebs on Security leaked the story (and the same day that this writer's own account was frozen because of fraudulent charges made at a cell phone store in Brazil). Regardless, shoppers who made purchases at a brick-and-mortar Target store between Thanksgiving and December 15 might want to consider requesting a new debit or credit card. For more information, check out our guide on what to do if you're the victim of credit card fraud.
Target is obviously taking the breach seriously. The retailer stated that it has resolved the issue, but it will work with law enforcement to "bring those responsible to justice," as well as a third-party forensics firm to conduct a "thorough investigation of the incident."
Considering this hack occurred during a timeframe that includes both Black Friday and the holiday season, it's no surprise that so many accounts were potentially exposed. When coupled with the store's lackluster ad this year, we'd say that Target deserves a retroactive spot on our Black Friday jeers list. (And we'll just continue to stand by our belief that shopping in-store on Black Friday is a fail.)
Readers, have any of you had an account seemingly hacked as a result of this breach? Will you request a new card regardless? Share your story in the comments below.