If you used a credit or debit card to shop at Target on Black Friday, your account information could have been compromised in what may be the largest security breach in U.S. retail history.
The retailer confirmed this morning that the financial information of roughly 40 million Target shoppers who patronized stores throughout the country from November 27 to December 15 may have been stolen. The Secret Service is investigating the claim.
According to computer security expert Brian Krebs, who broke the story on his website, credit cards used to shop online did not appear to be affected by the breach. He explains that only cards swiped at a store would be vulnerable to this type of crime.
The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.
NBC digital journalist Alastair Jamieson tweeted out more details of the breach:
Massive Target data breach involves customer name, credit/debit card number, and card expiration date and 3-digit CCV security code— Alastair Jamieson (@alastairjam) December 19, 2013
One news outlet warns that credit card information stolen in this way could be sold on the black market, and could remain untouched for months before being used. This year, 226 million Americans shopped online or in stores on Black Friday.
The last massive retail data breach happened in 2007, when more than 45 million credit cards used at TJX stores like Marshall's and T.J.Maxx were compromised. According to Krebs, those perpetrators hacked into TJX's headquarters via wireless networks at retail stores. A similar scheme might have been used in the Target case, but the exact nature of the breach is still not know.
Anyone who used a card at any of the retailer's 1,757 stores is encouraged to get in touch with Target. (Their number is 866-852-8680).
This article is from the archive of our partner The Wire.