As has been widely reported, the popular retail giant Target announced yesterday that it suffered a data breach impacting approximately 40 million credit and debit card accounts used in Target stores across the country between November 27th and December 15th. It appears that the breach involved the theft of “track data” from the magnetic stripe on the back of credit and debit cards used in Target stores. Thieves use this stolen information to create counterfeit cards.
Target reports that, with the help of a third-party forensics firm, it has identified and stopped the breach. The retailer also indicates that it has identified additional security measures designed to prevent future incidents of breach. In addition to Target’s forensics team, the Secret Service is also investigating the incident. It is anticipated that when the dust settles, it will rank among the largest retail breaches to date.
As we have all learned in the past several years, any company that handles personal information, and especially payment card information, is a bull’s-eye for thieves. As a result, credit card security rules and practices are continuously evolving to keep up with the ever-changing threats. With its well-known forensic lab and focus on security, some security professionals have found Target’s breach “alarming” and speculate that it may have been an inside job involving compromised Point of Sale terminals or payment terminals. Other reports suggest that the PoS attack is similar to Russian criminal attacks that implant malware in PoS devices. Regardless of the source, this incident reminds us that all companies—including those that understand the seriousness of payment card security—must be vigilant at protecting against both internal and external threats.