Target Stores' Customers Hit by Major Credit Card Attack

Target stores' customers hit by major credit card attack
Jeff Chiu/AP
By Siddharth Cavale
and Jim Finkle

Target said data from about 40 million debit and credit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday season, in the second-largest card breach at a U.S. retailer.

The data theft, unprecedented in its ferocity, took place over a 19-day period that began the day before Thanksgiving. Target said Thursday that it identified and resolved the issue on Dec. 15.

Target Stores (TGT) shares fell as much as 3.2 percent before the bell.

Though smaller than the breach disclosed in March 2007 by TJX Cos. (TJX), parent of apparel chains TJ Maxx and Marshalls, the data theft took place over a much shorter period and hit shoppers at the beginning of the U.S. holiday season.

Target said the breach might have compromised accounts between Nov. 27 and Dec. 15, a period of nearly three weeks.

The data theft revealed by TJX took place over 18 months, affecting 45.7 million payment cards, according to the company.
Banks later said in court documents that the hackers could have obtained more than 94 million account numbers in the TJX case.

On Thursday, Target told customers in an alert on its website that the criminals had stolen customer names, payment card numbers, expiration dates and their CVV security codes.

"On Dec. 15, we were able to identify an unauthorized access and we were able at that time to resolve the issue," Target spokeswoman Molly Snyder said by telephone.

Krebs on Security, a closely watched security industry blog that broke the news Wednesday, said the breach involved nearly all of Target's 1,797 stores in the United States and investigators believed the data was obtained via software installed on point-of-sales terminals used to swipe magnetic strips on payment cards.

It isn't yet clear how the attackers were able to compromise point-of-sales terminals at so many Target stores. "It is very clear it is a sophisticated crime," Snyder said.

The U.S. Secret Service is working on the investigation, according to an agency spokeswoman. A Federal Bureau of Investigation spokeswoman declined to comment.

"While this search for the truth is happening, the issue damages the trust Target have gained in mobile and calls into question how sales [will] trend in January," said Brian Sozzi, chief executive officer of Belus Capital Advisors.

MasterCard (MA) and Visa (V) officials had declined to comment late Wednesday, after news of the breach surfaced. An American Express (AXP) spokeswoman said the company was aware of the incident and was putting fraud controls in place.

Target said it had alerted authorities and financial institutions immediately after it was made aware of the unauthorized access and that it was "putting all appropriate resources behind these efforts."

The company said it hired a forensics firm to investigate the incident.

Target's shares were down 1.7 percent an hour before the market was due to open.

The shares, which have risen 7.4 percent this year, closed at $63.55 on the New York Stock Exchange on Wednesday. The stock has largely underperformed the broader S&P 500 index, which has risen 27 percent this year.

-Writing by Robin Paxton.

Increase your money and finance knowledge from home

Introduction to ETFs

The basics of Exchange Traded Funds and why ETFs are hot.

View Course »

Introduction to Value Investing

Are you the next Warren Buffett?

View Course »

Add a Comment

*0 / 3000 Character Maximum


Filter by:

I read or heard somewhere that it didn't effect online purchases using a Target debit or credit card. Is this true? Also, how could a hacker have access to all 1,700 stores? Inside job?

December 19 2013 at 7:28 PM Report abuse rate up rate down Reply

The government is already privy to this information. So who are the real hackers? Who could actually cause more harm to our economic security and who has a track record of causing economic disasters throught their corporate and Wall Street co-conspirators?

December 19 2013 at 10:09 AM Report abuse rate up rate down Reply

Execute hackers and identity theives. The damage they can do is catastrophic. Make the penalty nowhere near the benefit of the crime. As a society we need to defend our freedoms, our economies and our lives. We can either tolerate crimes against us or react with severity. I prefer we act with severity, I don't want to tolerate being a victim.

December 19 2013 at 9:56 AM Report abuse rate up rate down Reply

Check your credit card and bank statements often. It may help but isn't guaranteed.

December 19 2013 at 8:26 AM Report abuse rate up rate down Reply

Gaining access to anyone's information of any kind without their authorization or knowledge is spying. This includes credit card data. Spying is an attack on you, period. Someone that is spying on you is not sending you a Christmas card. And this includes drones, the NSA, or by any criminal.

December 19 2013 at 6:39 AM Report abuse rate up rate down Reply