For Minneapolis-based retail giant Target, Black Friday turned into a black eye. Beginning around November 27, the day before Thanksgiving, 2013, and continuing for nearly three weeks of the Christmas shopping season, the discount retailer suffered a huge security breach. Data was stolen from an estimated 40 million credit and debit cards that were used at Target locations nationwide. In addition, the partial personal information (names, addresses, email addresses, phone numbers) of 70 million more people was also hacked.
Although investigations are still under way—the Justice, Homeland Security, and Treasury Departments, among other government agencies, are involved, as well as private cybersecurity firms—it is not yet known who was behind the cyberattack. Evidence points toward an organized crime network based in Russia. The perpetrators apparently gained access to Target’s computer system by stealing credentials from a vendor. They were then able to install malware into the point-of-sale (POS) terminals where customers swipe their cards. The data contained on the cards’ magnetic strips was somehow pirated as people made their purchases.
The company and card-issuing banks rushed to reassure customers that they would do all they could to prevent fraudulent use of their cards, but it may be too soon to know how the criminals plan to use the stolen data. A small number of other retailers, including Neiman Marcus, also were affected. The security breach is fueling calls for legislation to better protect consumer information. One thing is clear: the United States is behind the times when it comes to card-security technology. In the near future there will be a changeover of all credit cards and POS terminals to a more secure payment system known as EMV, which uses an embedded computer chip in the card plus a PIN (personal identification number). The EMV system is already widely used in Europe and elsewhere. Though somewhat expensive to implement, this improvement promises significant protection against fraud. The major credit card issuers, Visa and MasterCard, say the chip-and-PIN technology should be in place by October 2015.
Image credit: © Talaj/Getty Image
- Target: Cybercrooks Used Stolen Vendor ID to Hack into System
This article updates the investigation into who perpetrated the hack of Target’s POS system and how they did it.
(Source: Minneapolis Star-Tribune, January 30, 2014)
- Analysts: Credit Card Hacking Goes Much Further Than Target
This article discusses the broader cybersecurity problem that Target discovered.
(Source: NPR, January 17, 2014)
- Target Credit Card Hack: What You Need to Know
This article covers the basic story of the Christmas season credit card security breach at Target, including directions to affected consumers.
(Source: December 23, 2013)
- October 2015: The End of the Swipe-and-Sign Credit Card
This article describes the coming EMV (card-and-PIN) system for credit card transactions.
(Source: Wall Street Journal, January 30, 2014)