Shop at Target? Your identity may be compromised.
Target Corporation has confirmed major credit card theft. The corporation said hackers have stolen data from up to 40 million credit and debit cards of shoppers who visited the stores during the first three weeks of the holidy season. This is the second largest such breach reported by a U.S. retailer.
The operation was carried out for 19 days during the biggest shopping season of the year. They certainly targeted the timeframe well, starting just the day before Thanksgiving to this past Sunday.
Target, the third-largest U.S. retaile, said on Thursday that it was working with federal law enforcement and outside experts to prevent similar attacks in the future. It did not disclose how its systems were compromised per 4 Traders.
The retailer itself did not detect the attack own its own. The retailer uncovered the breach only after alerted its systems might have been compromised by credit card processors who happened to notice an influx of fraudulent credit card transactions that had been used at Target, according to a person familiar with the investigation.
The timing of the breach could not have been worse, coming just before three of the four busiest days of what has been a difficult holiday season for retailers, with the highest level of discounting in years.
Many unhappy customers began to add their frustrations on Thursday, posting complaints on Target’s Facebook page.
“Thank you Target for nearly costing me and my wife our identities, we will never shop or purchase anything in your store again,” one person posted.
“Shop at Target, become a target,” said another. “Gee, thanks.”
Target is not alone in the data breach problem. TJX Cos., which runs stores such as T.J. Maxx and Marshall’s, had a breach in their security which began in July 2005 that exposed at least 45.7 million credit and debit cards to fraud. The breach was not detected until nearly five months later. In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data threat, but stressed that it firmly believed it did not violate any date security or consumer protection laws.