Target was hacked on Black Friday, and to their credit, it wasn’t but 3 weeks later that the company discovered their customers credit and debit card information was at risk.
After the incident, Target spokeswoman Molly Snyder said the company had notified millions of affected customers for whom it had email addresses.
Approximately 40 million customers had been affected.
Banks and credit card companies went on high alert – JP Morgan Chase put limits on debit card purchases and withdrawals, and customers were told to closely monitor their credit and debit card statements.
Computer World announced, for the first time, hackers market stolen data with info on the location of store where card was used; experts say new strategy will slow detection.
Target’s stolen credit cards have also been found on sale on the Internet.
Credit and debit card accounts have reportedly flooded underground black markets, going on sale in batches of one million cards.
The cards are being sold from around $20 to more than $100 each, KrebsOnSecurity reports.
Security blogger Brian Krebs, who first reported the Target data breach news last week, said on Sunday that compromised cards are being marketed online with information on the state, city and ZIP code of the Target store where they were used.
Krebs wrote, in his blog, “This lets crooks who want to use the cards for in-store fraud avoid any knee-jerk fraud defenses in which a financial institution might block transactions that occur outside the legitimate cardholder’s immediate geographic region.”
What is really troubling is the information these hackers have gotten their hands on – the cardholder’s name, the credit or debit card number, the card’s expiration date and the CVV security code used to activate the card in a store, Target said.
“Hackers could use this data to make card replicas.” Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.
Bear in mind, though, pin numbers and social security numbers have not been compromised.
There is much unknown at this time, however, security experts believe that hackers gained access to the point-of-sale data that was believed to be accessed through the terminals where cards were swiped. As the cards were swiped, the crooks collected the data as it moved through the Target device to credit card processing.
Whether your card information was hacked or not, if you swiped your card between November 27 and December 15 at Target, you should call your credit card company, bank and Target. Request a replacement card and change your PIN.
Image via YouTube