In a statement to potentially affected customers, Target confirms that the “unauthorized access to Target payment card data” at its retail locations (Target.com purchases were apparently not impacted by the attack) lasted from Nov. 27 to Dec. 15, effectively encompassing the heart of the store’s holiday shopping business and affecting around 40 million Target shoppers, according to the retailer.
“Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause,” said the company in a demonstration of corporate understatement.
The breach didn’t just get at basic things like customer names and addresses — nope, Target says the data thieves rode off into the virtual sunset with info that included customer name, credit or debit card number, and the card’s expiration date and CVV (that three-digit security code on the back of your card).
“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” says Target, which is recommending that customers do the sensible thing and review their accounts for signs of fraud and identity theft.
“If you see something that appears fraudulent, REDcard holders should contact Target,” explains the company in an FAQ, “others should contact their bank.”
Target is swearing up and down that its payment systems are now safe and secure, but will customers believe them? Would you?