Retail giant Target was hit by one of the nation’s largest security breaches during the peak of the 2013 holiday shopping season – coughing up credit and debit card information belonging to forty million customers.
The breach began on November 27 – the day before Thanksgiving – and continued through December 15. It impacted only in-store purchases in the United States (i.e. not internet purchases or purchases made in Canada). The company says it has resolved the issue which permitted the hacker to gain access – and is working with law enforcement as well as “a leading third-party forensics firm” to investigate the breach.
“We began investigating the incident as soon as we learned of it,” a press release from Target states. “We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).”
In other words everything an identity thief needs to create a new card …
News of the breach was first reported Wednesday by Krebs on Security, which quoted a source as saying “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.”
Indeed it will …
In 2007, TJ Maxx and Marshalls saw the data of more than 45 million customers stolen – the only other retail breach of this magnitude. The parent company for both chains was forced to pay state governments $10 million in the aftermath of the breach, owing to what officials alleged were inadequate safeguards.
Target has 1,800 stores nationwide and did $72 billion in sales last year, making it the nation’s third largest chain store (behind Walmart and Kroger).