Target: 40M card accounts may be breached

[ArkRescue]

"MINNEAPOLIS (AP) -- Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.

The chain said that accounts of customers who made purchases using their cards at its U.S. stores between Nov. 27 and Dec. 15 may have been exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards."

Target: 40M card accounts may be breached - WTOP.com

 

[slotpuppy]

I still have not heard how they stole the card numbers.

 

[ArkRescue]

I still have not heard how they stole the card numbers.

Their computer system must store all of that info. Consider when you do a return after a credit card purchase, they are able to reverse part of the charges using the stored info. on the transaction in their computer system.

 

[slotpuppy]

Their computer system must store all of that info. Consider when you do a return after a credit card purchase, they are able to reverse part of the charges using the stored info. on the transaction in their computer system.

Thats what I was wondering, what did they hack to gain access to the many numbers.

 

[ArkRescue]

Thats what I was wondering, what did they hack to gain access to the many numbers.

Many people use debit cards to pay, but I somehow doubt the system retains the PIN people key in to authorize the purchase (non Visa debits).

 

[RareBreed]

Hmmm.. I'm wondering if maybe mine was hacked since I had 3 fraudulent charges on my debit card recently. The time frame of when I bought something is within the dates listed.

 

[ArkRescue]

Hmmm.. I'm wondering if maybe mine was hacked since I had 3 fraudulent charges on my debit card recently. The time frame of when I bought something is within the dates listed.

Was is Visa debit? Or one you need to enter a PIN to authorize the transaction?

 

[RareBreed]

Was is Visa debit? Or one you need to enter a PIN to authorize the transaction?

Visa debit and I have to enter my PIN.

 

[ArkRescue]

Visa debit and I have to enter my PIN.

oh wow I didn't know they had the Visa debit with a PIN - great! I never wanted a swipe type Visa debit with no PIN requirement since it's too easy for someone to steal and use.

 

[czygvtwkr]

Visa Debt can be ran as an ATM card, with pin, or you can say it is a credit card, no pin but you have to sign just like a regular credit card. The advantage to Visa debit is you can use it in places that do not have access to the ATM network.

 

[LibertyBeacon]

I still have not heard how they stole the card numbers.

It has not been determined yet. The TJ Maxx incident a few years ago involved rogues using the wireless network at the store's headquarters from which they were able to reach out to the back-end systems that stored customer data.

Another incident, Heartland (I think?) involved placing malware on internal networks that exfiltrated data.

Many people use debit cards to pay, but I somehow doubt the system retains the PIN people key in to authorize the purchase (non Visa debits).

I do not think the administrative systems store the PIN. The news stories I've read use language that indicates "…data stored on the mag stripes was stolen…". The PIN is stored on the mag stripe, so this language indicates to me the theft could have occurred anywhere from close to the POS up to and including the back-end authorization servers. In other words: anything is possible and no one knows yet. And the implication is that the PIN is compromised.

The advantage to Visa debit…

There is also a significant disadvantage to using a VISA debit … There are differing sets of laws regarding theft from a VISA debit bank card and a traditional credit card that gets cleared through VISA. The law says the bank has up to 10 days to complete their investigation and return your money to you. Traditional credit cards are almost instantaneous.

This is why I never use my PIN - I always have them run it as a credit card.

 

[ArkRescue]

"NEW YORK (AP) -- With less than a week until Christmas, a real-life Grinch has stolen the credit and debit card information of about 40 million Target shoppers.

Target says anyone who made purchases by swiping cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards."

Answers to questions about the Target data breach - WTOP.com

 

[ArkRescue]

more

" Are you in the clear if you're getting your credit or debit cards replaced?

Not according to Adam Levin, chairman and co-founder of Credit.com. He thinks one type of scam is "going to come back with a vengeance." "

Answer Desk: Are you in the clear if you replace cards used at Target? - WTOP.com

 

[GregV814]

Isnt Target the same French owned corp. that BANNED the Salvation Army from its sidewalks?

 

[ArkRescue]

I almost went to Target several times in the Fall, but I resisted because instead of spending money, I am trying to pay down debt. I am sure this affected their holiday sales, and I wouldn't be surprised if they had to close a few stores to recuperate from the losses.

 

[GURPS]

Their computer system must store all of that info. Consider when you do a return after a credit card purchase, they are able to reverse part of the charges using the stored info. on the transaction in their computer system.

our SQL db's with 'live data' is encrypted .. and we do not have the decryption key



somebody screwed up

 

[GURPS]

Thats what I was wondering, what did they hack to gain access to the many numbers.

I doubt it was a 'hack' probably a spear pishing attack ... or worse a social engineering attack [you cannot fix humans]
some employee probably clicked something they were not suppose to
a criminal could have used a zero day exploit in an email


I read a Tech Article recently there some 750 windows exploits for sale, by criminal crackers .... and paying the people finding the exploits the 100 - 150 k per exploit would not even cost MS .007 % of Profits

 

[GURPS]

It has not been determined yet. The TJ Maxx incident a few years ago involved rogues using the wireless network at the store's headquarters from which they were able to reach out to the back-end systems that stored customer data.

2 retards were also caught in a Home Depot parking lot, connected to the stores OPEN Network, collecting CC Numbers ... after they had loaded some code to collect numbers