|
 The Secret Service is investigating, according to a spokesman for
the agency, which safeguards the nation's payment systems. Target
officials did not respond to requests for comment.
Investigators believe the data was obtained via software installed
on machines that customers use to swipe magnetic strips on their
cards when paying for merchandise at Target stores, according to the
person who was not authorized to discuss the matter and declined to
provide further details.
Krebs on Security, a closely watched security industry blog that
broke the news, said the breach involved nearly all of Target's
1,797 stores in the United States, citing sources at two credit card
issuers. The report said that "track data" from at least 1 million
payment cards was thought to have been stolen before Target
uncovered the operation, but that the number could be significantly
higher.
"When all is said and done, this one will put its mark up there with
some of the largest retail breaches to date," the report cited an
unnamed source as saying.
The biggest credit card breach at a U.S. retailer reported to date
was an attack against TJX Cos, the parent of TJ Maxx and Marshalls.
The company disclosed in March 2007 that data from 45.7 million
payment cards had been stolen by hackers over 18 months. Banks later
asserted in court documents the hackers could have obtained more
than 94 million account numbers.
The data breach at Target could have extended from just after
Thanksgiving to December 15, Krebs said, citing evidence from
investigators.
[to top of second column] |
It is not yet clear how the attackers were able to compromise
point-of-sales terminals at so many Target stores across the
country. Doing so would have required careful planning by
sophisticated cyber criminals.
An American Express spokeswoman said the company is aware of the
incident and is putting fraud controls in place.
Representatives for Visa and MasterCard declined to comment.
There are no indications that the theft affected shoppers on
Target's website, Krebs reported.
(Reporting by Jim Finkle in Boston and Jennifer Saba in New York;
additional reporting by Aman Shah in Bangalore; editing by David Gregori, Andre Grenon and Phil Berlowitz)
[© 2013 Thomson Reuters. All rights
reserved.] Copyright 2013 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
