U.S. Target Stores - 40 Million Credit Card Numbers Stolen

Realistically, what can be done in a case like this? And how much sleep do you lose over it? It's a rare month that goes by that someone doesn't announce a big data loss somewhere.

Even the quantity of numbers stolen is incomprehensible - 40,000,000. There are only about 115,000,000 households in the US. So roughly 35% of households used a credit card at Target in the last three weeks? That's surprising in itself.
 
How is it possible to steal debit/credit card information if you've used your card at Target? I thought the PCI encryption standard keeps your card info encrypted between the swipe and the merchant service provider.
 
Realistically, what can be done in a case like this? And how much sleep do you lose over it? It's a rare month that goes by that someone doesn't announce a big data loss somewhere.

Even the quantity of numbers stolen is incomprehensible - 40,000,000. There are only about 115,000,000 households in the US. So roughly 35% of households used a credit card at Target in the last three weeks? That's surprising in itself.

The average American has about 2 Credit Cards.
There are 144 million MasterCards, and 428 million Visa Debit Cards in the United States.
There are 312,780,968 people in the US.
That's roughly 1,197,561,936 Debit/Credit Cards, or roughly 4 cards per person.
(In 2006 there were roughly 984 million debit/credit cards)

So 3.34% of all cards were hijacked. That's just a drop in a massive bucket.

Source For Credit Card Information
 
How is it possible to steal debit/credit card information if you've used your card at Target? I thought the PCI encryption standard keeps your card info encrypted between the swipe and the merchant service provider.

Same could be said about how my confidential medical information has been stolen at least 3 times while in the care of the Department of Defense. I've gotten 3 letters from the DA and DoD about how my medical and private information has been lost or stolen while I was in the Military. Considering how the VA handles my medical now, I'm sure the VA might start sending me the same thing eventually.
 
According to what I have heard, it may have been malware in the terminals, so it is Target's fault for not checking them regularly.
There are already many people suing Target, and chances are they are going to have a huge class action lawsuit and may even be sued by the credit card companies as well.
 
I've been looking into this since I am always interested in the whole security thing. At this point in time there has been nothing definitive with full details as to how the breach actually occurred. Meaning there is no one that is a real tech expert that has provided details. Just dribs and drabs from popular media outlets.

In all of my reading the only detail I have found was this
We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV.

from https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca

From my experience in retail, that information is acquired from the mag stripe via MSR. I have not been to a Target in ages, so I don't know if they use a separate MSR, à la Ingenico, or an MSR keyboard. Either way, it goes from there to the financial institution for a provisional approval code. It also collects on the store server, where the transactions are submitted by batch to their merchant account at the EOD process. At least I think the large chains still do it that way.

A number of other recent breaches seem to have focused around malware and the credit card processing system. So my guess is this may have been at the store or corporate servers handling the transactions.
 
So should I call my bank and get our debit cards changed?

I would. Debit cards have fewer protections than credit cards. Beyond that, I do not want to be in a situation of cleaning up credit issues attached to my name. In reality no one really cares that it is fraud.

http://money.cnn.com/2013/12/20/pf/expert/debit-credit-cards/

According to the Target CEO message in the link I posted they will also be offering free credit monitoring.
 
Gonna do it first thing Monday. In the meantime, Target is giving 10% off for today and tomorrow for all purchases. I just did some last minute shopping.

Also starting to think it would be better to do all shopping with cash from now on.
 
The theft, according to a notification from one of my credit card companies, occurred between November 27th and December 15th. I've got no record in my checking account history of using my debit card at Target between those times. Looks like I'm in the clear.
 
It has been confirmed on Target's website:
We can confirm that we are actively partnering with the United States Secret Service and the Department of Justice on the ongoing investigation into the malware that affected Target’s point-of-sale system in our U.S. stores. Due to the nature of the investigation, the Secret Service has asked not to share many of the details of the forensics and investigation.
 
Spoke with coworkers who said their relatives have been affected by this. They all changed their bank accounts and the Target next to me has been empty. Tough to hear this.
 
Hmm, I may be missing something, but I'm not understanding how the numbers add up between the quotes of Frederick and Mr. Raikes, though it could be due to the piece of glass in my foot, where are my tweezers? Anywho, I think usually such attacks are highly sophisticated. To steal that cloudyish number of cards, it must have been an electronic attack not at a local store, unless a vendor or tech was going around installing it, or a Trojan was downloading it through a security exploit, but instead at a central gathering point of the card data. Perhaps Target uploads card data from satellite stores to a central gathering point still under the auspices of the retail chain? Because I note they didn't say it was their processor that lost the data? Perhaps their preprocessing servers are compromised? But since they admit their fault, it must have been in-house operations which were hijacked, at least it seems to me... Is anyone aware of any financial losses?
 
From information I gathered, the IT is the same type that corporate companies such as Bell Canada and many others around the world use: India IT call centers.
They use IT call centers in India; chances are someone working for them is responsible.
Dell, for example: a customer called Dell for tech support and got an IT call center in India; a worker there remote-accessed her PC, looked around, downloaded pics she took of herself naked, and proceeded to blackmail her.
Chances are someone working for them is responsible for loading malware into the POS terminals.
Another possibility: the malware was installed at the factory where the machines were made, prob in China.
 