|
|
Joined: Sep 2006
Posts: 3,044
Hall of Famer
|
OP
Hall of Famer
Joined: Sep 2006
Posts: 3,044 |
Quote:
http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/#more-24054
http://pressroom.target.com/news/target-...a-in-u-s-stores
Target Investigating Credit Card Data Breach in US Stores
Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day the year.
target
Update, Dec. 19: 8:20 a.m. ET: Target released a statement this morning confirming a breach, saying that 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013.
Original story;
According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.
Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment. Representatives from MasterCard and Visa also could not be immediately reached for comment.
Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that timeframe.
“The breach window is definitely expanding,” said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”
There are no indications at this time that the breach affected customers who shopped at Target’s online stores. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.
It’s not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million of cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.”
Some of the largest retailer breaches to date may help explain what happened in this case. In 2007, retailer TJX announced that its systems had been breached by hackers. The company later learned that thieves had used the store’s wireless networks to access systems at its Massachusetts headquarters that were used to store data related to payment card, check and return transactions at stores across the country, and that crooks had made off with data from more than 45 million customer credit and debit cards.
In 2009, credit card processor Heartland Payment Systems disclosed that thieves had broken into is internal card processing network, and installed malicious software that allowed them to steal track data on more than 130 million cards.
This is likely to be a fast-moving story. Stay tuned for updates as they become available.
|
|
|
|
|
Joined: Sep 2006
Posts: 3,044
Hall of Famer
|
|
OP
Hall of Famer
Joined: Sep 2006
Posts: 3,044 |
This is all the more reason to use cash when possible when buying from stores...Credit Cards should be saved for online purchases only simply because there is no one to hand your cash to...if you can use something like Bitcoin for online purchasing, thats even better. The whole debit/credit phenomenon wasn't very well thought out...security people like me yelled at the top of our lungs a decade ago that this would do nothing but lead to making it easier for crooks to rob people. If your carrying cash, a crook has to confront you physically and use a weapon to take the cash from you, with a debit or credit card, the crook doesn't even have to be in the same country as you to reach into your pocket and take your money. If using credit cards online, open up credit accounts with small credit limits, that way if it does get stolen, the crooks can't get very much from you...its called minimizing your risk.... You should avoid using debit cards under any circumstances be it online, in-store, whatever....if you must, get a small credit limit credit card and use it instead of your debit card...this way...at least if it gets stolen a crook don't have access to your bank account for any window of time. As i said before, the whole debit card thing wasn't very well thought out.....using a debit card puts you at risk of having your bank account emptied by someone who doesn't even live in the same country as you....you can't rely on your bank to notice "strange activity" Those systems rarely work correctly, and again...you shouldn't be relying on someone else, or another computer (that may or may not be compromised itself) to protect your money. I still send checks the old fashioned way, and i don't do online banking at all..as a network security professional/Administrator, I know its not safe...the banks and media will try and tell you it is, but ask the many millions of people every year who get their money stolen, that the news media never interviews, if its safe. Ask my aunt who had 22,000 dollars stolen from her accounts, and it took 6 months of fighting with the bank waiting on their "investigation" for her to get her money back... Besides I don't mind sending checks, I am helping a postal worker keep his job, and in this economy, we need all the jobs we can get...besides what is 2-3 dollars a month in stamps? I spend more then that for a cheap lunch at subway once a week! 
|
|
|
|
|
Joined: Feb 2007
Posts: 4,753 Likes: 11
Hall of Famer
|
|
Hall of Famer
Joined: Feb 2007
Posts: 4,753 Likes: 11 |
This has been a topic of conversation around the office today...being an employee of a large retail based company...You could be the most secure company in the world, PCI compliant, and all of that, but there's always the potential that someone gets their way in. I find it interesting that their stock has only gone down $1.50 (ish) after the news. Regarding this comment of yours: Quote:
If using credit cards online, open up credit accounts with small credit limits, that way if it does get stolen, the crooks can't get very much from you...its called minimizing your risk....
I agree, but make sure you take into consideration the credit score ramifications if you're keeping a balance. More cards and cards with high balance/credit limit ratios typically lower credit scores. As well, to add onto this, research credit card companies - I have a BofA visa card as well as debit card - I get calls (and emails) from BofA whenever they see something that doesn't seem right (they've also locked the account when this has happened, while inconvenient, it is much better than what could happen).
|
|
|
|
|
Joined: Nov 2006
Posts: 4,072 Likes: 126
Hall of Famer
|
|
Hall of Famer
Joined: Nov 2006
Posts: 4,072 Likes: 126 |
Quote:
I agree, but make sure you take into consideration the credit score ramifications if you're keeping a balance. More cards and cards with high balance/credit limit ratios typically lower credit scores. As well, to add onto this, research credit card companies - I have a BofA visa card as well as debit card - I get calls (and emails) from BofA whenever they see something that doesn't seem right (they've also locked the account when this has happened, while inconvenient, it is much better than what could happen).
Capital One does this too and it's annoying. Mainly because they have yet to flag a legitimate fraudulent transaction. Creating a bunch of false positives doesn't help, because people will just start ignoring them.
Adobe was hacked back in September and my Capital One card was one of the cards the hackers got, yet, Capital One's "fraud detection" never picked up on that.
It's supposed to be hard! If it wasn't hard, everyone would do it. The hard... is what makes it great!
|
|
|
|
|
Joined: Sep 2006
Posts: 49,999 Likes: 369
Legend
|
|
Legend
Joined: Sep 2006
Posts: 49,999 Likes: 369 |
A few years ago I got a new Discover card in the mail unexpectedly, and it was because of a situation like this. (though I can't remember the retailer) Anyway, because I had purchased something at a retailer suspected of having had some suspicious activities.
I called the number on the back of my (then) current card, and they explained why they sent a new card. A day later I received a letter from Discover explaining it as well.
I think that if I had shopped at target with my credit card I would be on the phone to my credit card company seeing about getting a replacement card with new numbers.
Micah 6:8; He has shown you, O mortal, what is good. And what does the Lord require of you? To act justly and to love mercy, and to walk humbly with your God.
John 14:19 Jesus said: Because I live, you also will live.
|
|
|
|
|
Joined: Sep 2006
Posts: 32,699 Likes: 675
Legend
|
|
Legend
Joined: Sep 2006
Posts: 32,699 Likes: 675 |
jc
This thread 6 comments... Duck Dynasty thread 113... LOL
Your feelings and opinions do not add up to facts.
|
|
|
|
|
Joined: Mar 2013
Posts: 18,204
~ Legend
|
|
~ Legend
Joined: Mar 2013
Posts: 18,204 |
Quote:
jc
This thread 6 comments... Duck Dynasty thread 113... LOL
I'm more surprised by the lack of puns in this thread. But then again, those customers already have a target on their back.
|
|
|
|
|
Joined: Mar 2013
Posts: 12,635
Legend
|
|
Legend
Joined: Mar 2013
Posts: 12,635 |
Quote:
I think that if I had shopped at target with my credit card I would be on the phone to my credit card company seeing about getting a replacement card with new numbers.
Yeah, they're saying do it immediately. I'm waiting on my new debit card to come via mail. Then I get to go through the process of updating all my auto-pay info for my bills 
all because I bought a single, one box of protein bars recently at Target. 
|
|
|
|
|
Joined: Sep 2006
Posts: 4,478 Likes: 26
Hall of Famer
|
|
Hall of Famer
Joined: Sep 2006
Posts: 4,478 Likes: 26 |
I work in retail designing store systems solutions and do a lot of credit/debit work. The solution for this is something a lot of other countries use called Chip and PIN . While not perfect it is a lot better than what we have.
#gmstrong
|
|
|
|
|
Joined: Aug 2009
Posts: 1,517
Dawg Talker
|
|
Dawg Talker
Joined: Aug 2009
Posts: 1,517 |
My friend is the store manager of a Target and he texted me that he has been getting phone calls all day from irate customers .... He has calmly told them that they need to call the corporate office lol
|
|
|
|
|
Joined: Sep 2006
Posts: 49,999 Likes: 369
Legend
|
|
Legend
Joined: Sep 2006
Posts: 49,999 Likes: 369 |
I heard or read something earlier today that makes a ton of sense. Imagine if these people who stole all of this data make just a $4 or $5 charge to each credit card they stole. 40 million credit cards .... $5 each ....... that's $200 million ..... nice, easy, and probably most being small enough that no one would even notice, or bother with.
Micah 6:8; He has shown you, O mortal, what is good. And what does the Lord require of you? To act justly and to love mercy, and to walk humbly with your God.
John 14:19 Jesus said: Because I live, you also will live.
|
|
|
|
|
Joined: Sep 2006
Posts: 42,173 Likes: 136
Legend
|
|
Legend
Joined: Sep 2006
Posts: 42,173 Likes: 136 |
Quote:
I heard or read something earlier today that makes a ton of sense. Imagine if these people who stole all of this data make just a $4 or $5 charge to each credit card they stole. 40 million credit cards .... $5 each ....... that's $200 million ..... nice, easy, and probably most being small enough that no one would even notice, or bother with.
A year a two months ago, my wife was a victim of CCTheft. (actually, it was her Debit Card)
Someone got her card and was able to charge a couple of hundred at Walmart.com. Oddly, it was someone saying they were charging it from Buffalo and having it sent to someone in Mexico. I think it was a TV.Not sure.
Then they charged something on line at Egghead and had it shipped to Florida. Then they paid someones utility bills in North Carolina.
It was funny because my wife caught it the next day and went nuts.. I jumped on it and had it solved inside of a week. we got every dime back.
I believe they tracked it down by back tracking on who would pay the Utility bills. Funny stuff. All told I think they hit her for1200 bucks. But like I said, we got it all back.
I have an app on my phone that allows me to check my account balances (credit and debit) and I use them every morning.
#GMSTRONG
“Everyone is entitled to his own opinion, but not to his own facts.”
Daniel Patrick Moynahan
"Alternative facts hurt us all. Think before you blindly believe."
Damanshot
|
|
|
|
|
Joined: Sep 2006
Posts: 14,477 Likes: 162
Legend
|
|
Legend
Joined: Sep 2006
Posts: 14,477 Likes: 162 |
NRTU - I don't know if it has been posted on this thread but I read in the Washington post that they think the affected dates were between Nov 27th adn Dec 15th. I shopped at a Target on the 22nd of Nov so I think i'm ok but have been checking my credit card statements.
<><
#gmstrong
|
|
|
|
|
Joined: Sep 2006
Posts: 49,999 Likes: 369
Legend
|
|
Legend
Joined: Sep 2006
Posts: 49,999 Likes: 369 |
My bank asked me if I had shopped at Target, because they want to re-issue cards with new numbers for people who may have been affected. The woman at the bank also suggested that if we shopped at Target using any other card that we have that card re-issued with a new number as well.
Seems like common sense to me. Why take any chances at all?
Micah 6:8; He has shown you, O mortal, what is good. And what does the Lord require of you? To act justly and to love mercy, and to walk humbly with your God.
John 14:19 Jesus said: Because I live, you also will live.
|
|
|
|
|
Joined: Sep 2006
Posts: 42,173 Likes: 136
Legend
|
|
Legend
Joined: Sep 2006
Posts: 42,173 Likes: 136 |
Quote:
NRTU - I don't know if it has been posted on this thread but I read in the Washington post that they think the affected dates were between Nov 27th adn Dec 15th. I shopped at a Target on the 22nd of Nov so I think i'm ok but have been checking my credit card statements.
You probably are based on all I've read and heard on TV reports. I have used my debit card there to buy a few items/. maybe 2 times in the period of time. So I'm watching everyday.
#GMSTRONG
“Everyone is entitled to his own opinion, but not to his own facts.”
Daniel Patrick Moynahan
"Alternative facts hurt us all. Think before you blindly believe."
Damanshot
|
|
|
|
|
Joined: Feb 2007
Posts: 4,753 Likes: 11
Hall of Famer
|
|
Hall of Famer
Joined: Feb 2007
Posts: 4,753 Likes: 11 |
Quote:
I work in retail designing store systems solutions and do a lot of credit/debit work. The solution for this is something a lot of other countries use called Chip and PIN . While not perfect it is a lot better than what we have.
Yep, I lived in Holland and my ABN AMRO card was chip and pin, and we're going down that road at work right now. I think that the Target situation just moved it up on our road map.
|
|
|
DawgTalkers.net
Forums DawgTalk Everything Else... Target Investigating Credit Card
Data Breach in US Stores
|
|
