Approximately 40 million credit and debit card accounts at Target may have been impacted between Nov. 27 and Dec. 15, 2013 in one of the largest credit card breaches at a U.S. retailer. Target said it is working closely with law enforcement and financial institutions, and has identified and resolved the issue.
The Krebs on Security, a closely watched security industry blog that broke the news.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
The Secret Service, which safeguards the nation's payment systems, is also investigating.
Target said cards used at the brick-and-mortar stores between Nov. 27 and Dec. 15, 2013, may have been impacted.
Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, according to Reuters. Gaining access to data on the magnetic strips of shoppers' cards potentially allowing them to produce counterfeit versions, according to Krebs on Security.
The thieves could also potentially withdraw cash from ATMs using counterfeit debit cards if they were able to intercept PIN data from Target.
