US based retailer Target, fell victim to a security breach that hit almost all of their payment consoles.
According to a blog post on KrebsonSecurity, a security industry blog, the breach hit nearly all 1,797 retail locations. The US Secret Service is investigating the incident and believes the data was obtained by software installed on the store’s card swiping terminals. The report mentions the attack began on Black Friday, and the track data of at least 1 million cards were exposed until Target discovered the breach.
Target just recently announced that close to 40 million cards were compromised due to the incident.
What Lies Ahead for a British Fintech Industry Outside the EUGo to article >>
This incident reminds us of the TJ Maxx breach in 2007 where over 45.7 million cards were compromised after their system was hacked, over a period of 18 months. According to investigators the breach began on November 30th and could have lasted until December 15th.
The breach exposed the card’s magnetic strip data directly from the retailer’s card swiping terminals. At Target, as with most US based retailers, the cards are swiped by the cardholders themselves, meaning it is possible the hack was performed in person at a physical location. The Secret Service is currently trying to understand how the hacker(s) accessed almost all of Target’s point-of-sale terminals. Shoppers who used Targets online store were not affected by the breach.
An American Express spokesperson stated they are aware of the incident and are implementing fraud procedures to reduce damage. MasterCard and Visa did not comment on the matter.