Millions Of Credit Cards Stolen From Target Being Sold At Closeout Prices

Like scalpers who drop their asking prices as game time approaches, black market sellers of credit card numbers stolen during last December’s massive data breach at Target are now offering this ill-gotten information at rock-bottom prices.

Cybersecurity journalist Brian Krebs has been following the asking price of these cards on underground online marketplaces and found that the purloined numbers are now selling for a fraction of what they were going for in December.

On Wednesday, sellers on one such marketplace sold nearly 3 million stolen card numbers, getting anywhere from $8 to $28 per card.

By contrast, card info stolen from Target shoppers was selling for between $27 and $45 on the day the news of the hack broke back in mid-December.

Why the steep drop in value? Because the odds of those numbers still being valid has dropped significantly. At the time of the breach announcement, sellers were claiming 100% “valid rates,” meaning that all the cards in a bundle would work if used right away for an illegal shopping spree.

But the cards currently being sold only have stated valid rates of 60%, meaning there is a pretty good chance that four out of 10 cards purchased have already been canceled or flagged.

It’s kind of like buying a day-old baguette at the baker. Maybe it’ll be fine, but there’s a decent chance it will be stale.

It’s surprising to us that so many people have still not canceled cards that were included in the Target breach. Just because your credit card offers $0 liability on fraudulent purchases doesn’t mean you should continue to be in a position where you’re constantly checking your card activity for questionable purchases.

Read Comments6

Edit Your Comment

  1. Saber says:

    My financial institution actually has told us blatantly that we are NOT to cancel our cards b/c they are taking care of it- and if we do, there’s a $7.50 charge for a new card. Granted, my card was used at Target on the last day of the ‘breach’, in the evening (when the issue was supposedly taken care of) but still.

    • theoriginalcatastrophegirl says:

      yikes, they sound mean.
      if that was my situation, i’d probably have felt better just paying the $7.50 for a new card… while i sought out a new financial institution

      • Saber says:

        Sadly they’re one of the most accessible banks around here – there’s hardly any other financial institutions (or credit unions, GOD I’d love to be in a good solid Credit Union) in my area that are just as easy to utilize. I used to work for one of their ‘competitors’ (fraud dept) and even they were a huge joke in terms of both CS and fraud (and I was one of the good people who didn’t try to screw you out of your money. hence me never getting promoted for 4 1/2 years XD).

        I’d been hedging on leaving, for a while but this might be the final straw.

    • ResNullum says:

      They sound either stingy or desperate for revenue. In either case, I recommend finding a new one as soon as possible.

    • MarthaGaill says:

      Chase replaced mine automatically. I called the day after the breach became news to reset my pin, just to be safe, but about a week later the new one came in the mail.

  2. theoriginalcatastrophegirl says:

    my credit union canceled all breached cards without being asked, although for the sake of the holidays, they waited until january and sent a letter in december saying even debit cards would have no fraud liability under the circumstances