Target “Deeply Regrets” Letting Someone Steal 40 Million Credit Card Numbers From Customers

In case they missed the news last night, Target customers around the country are waking up this morning and learning that they may be one of many millions of consumers whose credit and debit card information was compromised during the course of a nearly three-week-long security breach at the retailer. Big Red, you’ve got some explaining to do…

In a statement to potentially affected customers, Target confirms that the “unauthorized access to Target payment card data” at its retail locations (Target.com purchases were apparently not impacted by the attack) lasted from Nov. 27 to Dec. 15, effectively encompassing the heart of the store’s holiday shopping business and affecting around 40 million Target shoppers, according to the retailer.

“Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause,” said the company in a demonstration of corporate understatement.

The breach didn’t just get at basic things like customer names and addresses — nope, Target says the data thieves rode off into the virtual sunset with info that included customer name, credit or debit card number, and the card’s expiration date and CVV (that three-digit security code on the back of your card).

“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” says Target, which is recommending that customers do the sensible thing and review their accounts for signs of fraud and identity theft.

“If you see something that appears fraudulent, REDcard holders should contact Target,” explains the company in an FAQ, “others should contact their bank.”

Target is swearing up and down that its payment systems are now safe and secure, but will customers believe them? Would you?

Read Comments6

Edit Your Comment

  1. SingleMaltGeek says:

    I had to choose the “maybe” option in the poll, but what I wanted to say was that although I don’t go to Target more than once a year, if that, this will only be a minor and temporary deterrent from going back in the future. I think this reminded me that in general it’s good to use cash for small purchases. I do that with small local merchants out of consideration for their profit margin, but with chains I usually charge whatever I can in order to maximize my cash back rewards.

  2. pguyton2 says:

    I thought merchants were not to store the CVV number?

    • SingleMaltGeek says:

      Target probably didn’t. If you look at the previous post on this, it says:

      UPDATE: The U.S. Secret Service has confirmed to the Wall Street Journal that it is investigating the data breach, which is believed to have taken advantage of a vulnerability in the network of some 40,000 card-scanning devices used at Target stores nationwide.

      So it sounds like the network that the card swiping machines was probably tapped into/compromised. In that case, everything on the magnetic stripe could have been read and stolen at the time each card was swiped. This doesn’t sound like the usual “hacked into the commerce server and fetched the stored customer data” kind of attack.

      • Saber says:

        Any time you swipe your card at a business, that information is recorded – maybe not by the business, but by the processor. Having worked in a card services/fraud department, I can verify this. Predominantly this is an issue through whomever Target does their financial processing (confirmed by the Feds, looks like), however, I’m surprised that the Feds aren’t checking the processor itself to make sure there aren’t any other leaks. (aka at other stores they process for)

  3. JoeBlow says:

    Hmm… I shopped at Target the weekend before this date range, and my credit card statement lists the transaction as having been processed on the 25th. Hope they’re right that these shenanigans started on the 27th. I’d hate to have opened myself up to fraud just by purchasing a vacuum cleaner filter.