News

Target holiday cyber breach hits 40 million customers

Target holiday cyber breach hits 40 million customers

HIGH PROFILE TARGET: A woman pushes a shopping cart, center left, while departing a Target retail store Thursday, Dec. 19, 2013 in Watertown, Mass. Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. Photo: Reuters/Steven Senne

By Jim Finkle and Siddharth Cavale

BOSTON (Reuters) – Target Corp said hackers might have stolen data from some 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season in the second-largest such breach reported by a U.S. retailer.

In terms of the speed at which the hackers were able to access large numbers of credit cards, the data theft was unprecedented. It took place in the 19 days from the day before Thanksgiving to Sunday, in the heart of the crucial Christmas holiday sales season.

Target, the No. 3 U.S. retailer, said on Thursday that it was working with federal law enforcement and outside experts to prevent similar attacks in the future. It did not disclose how its systems were compromised.

Experts said the incident could not have come at a worse time for Target, which is working to woo sales away from rivals in the last week of the holiday shopping season. Complaints from customers began to surface on social media as they learned of it early Thursday morning.

“Most of these attacks are just a cost of doing business,” said Mark Rasch, a former U.S. cyber crimes prosecutor. “But an attack that’s targeted against a major retailer during the peak of the Christmas season is much more than that because it undermines confidence.”

The largest breach against a retailer, uncovered in 2007 at TJX Cos Inc, led to the theft of data from more than 90 million credit cards over about 18 months.

Since then, companies have gotten far more adept at identifying intruders. But criminals have responded by developing more-powerful attack strategies, spending months on reconnaissance to launch highly sophisticated schemes with the goal of extracting as much data as they can in the shortest period of time.

Investigators believe that hackers compromised software installed on point-of-sales terminals that customers use to swipe magnetic strips on cards when paying for merchandise at Target stores, according to a person familiar with the investigation but not authorized to discuss the matter.

The company’s shares were down 1.9 percent at $62.32 on the New York Stock Exchange, while the Standard & Poor’s 500 stock index fell 0.2 percent.

Target warned customers in an alert on its website that the criminals had stolen names, payment card numbers, expiration dates and security codes.

The company had identified the breach on Sunday and had begun responding to it the same day, spokeswoman Molly Snyder said.

Krebs on Security, a closely watched security industry blog that broke the news on Wednesday, said the breach involved nearly all of Target’s 1,797 stores in the United States.

It is not yet clear how the attackers were able to compromise point-of-sales terminals at so many Target stores. “It is very clear it is a sophisticated crime,” Snyder said.

The U.S. Secret Service is working on the investigation, according to an agency spokeswoman. A Federal Bureau of Investigation spokeswoman declined to comment.

Unhappy customers began to weigh in early on Thursday, posting complaints on Target’s Facebook page.

“Thank you Target for nearly costing me and my wife our identities, we will never shop or purchase anything in your store again,” said one posting.

“Shop at Target, become a target,” remarked another. “Gee, thanks.”

JPMorgan Chase & Co, one of the biggest U.S. credit card issuers, said it was monitoring the accounts involved for suspicious activity and urged customers to contact the bank if they noticed any.

MasterCard and Visa officials had declined to comment late on Wednesday, after news of the breach surfaced. An American Express spokeswoman said the company was aware of the incident and was putting fraud controls in place.

Identity theft tips include:

  • Check your credit card and debit card accounts regularly. Monitor your accounts to look for suspicious activity, such as charges you don’t remember making. If you find any errors, immediately notify your credit or debit card provider.
  • Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies — Experian, Equifax, or TransUnion — to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.
  • Consider placing a security freeze on your credit report. A security freeze essentially puts a lock on your credit so that most third parties can’t access your report. This will help protect you from unauthorized accounts being opened in your name. Contact each credit reporting agency to place or to learn more about a security freeze.
  • Check your credit report at www.annualcreditreport.com. You are entitled to one free credit report per year from each of the three major credit reporting agencies. You can pull all three at once, or you can stagger pulling your reports throughout the year.

(Reporting by Jim Finkle and Siddharth Cavale. Additional reporting by David Henry; Editing by Kirti Pandey, Rodney Joyce and Lisa Von Ahn)

Recent Headlines

in Entertainment

This weekend’s celebrity birthdays

diaz

A look at the celebrities who will be celebrating this weekend.

in Music

CHART TOPPERS: This week’s top country tracks

bradpaisley

LISTEN: This week's top country tracks, according to the latest Billboard charts.

in Entertainment

WATCH: 10 best ‘Simpsons’ episodes

In this photo released by Fox, Homer explains why he wants to bring back the annual 4th of July fireworks display, after it's cancelled for budget reasons, in the "Yellow Badge of Cowardge" Season Finale episode of "The Simpsons," in May 2014. The full 25-year run of "The Simpsons" will arrive on cable channel FXX with a summer marathon, to be paired this fall with a digital extravaganza that could turn other TV shows yellow with envy. "I'm not going to over-promise, but I think this website will provide you with affordable health care," longtime "Simpsons" executive producer Al Jean told a TV critics' meeting Monday, July 21, 2014.

The recent marathon of all 552 episodes of "The Simpsons" inspired us to sit down and come up with our 10 favorite episodes. Enjoy!

in Entertainment

Lena Dunham and Kate Mara hit by a falling sign

Lena Dunham, of HBO's "Girls," arrives at the 66th Primetime Emmy Awards held at The Nokia Theatre  in Los Angeles.

The "Girls" and "House of Cards" actresses saw stars of their own after an accident at a Venice premiere.

in Entertainment

Charges dropped against Phillip Seymour Hoffman’s suspected drug dealer

In this Jan. 19, 2014 photo, Philip Seymour Hoffman poses for a portrait at The GenArt Quaker Good Energy Lodge during the Sundance Film Festival, in Park City, Utah. Hoffman, who won the Oscar for best actor in 2006 for his portrayal of writer Truman Capote in "Capote," was found dead Sunday, Feb. 2, 2014, in his New York apartment. He was 46.

Drug-selling charges against a friend of late film star Philip Seymour Hoffman have been dropped after officers neglected to read the suspect his Miranda rights.