Target has confirmed the credit card data security breach that we reported yesterday. In a letter on its corporate website. Target is telling customers that the breach occurred from November 27 through December 15. Credit and debit card information was taken from in store credit card systems that includes the credit card number, expiration date, and CVV (three digit security code.) The data theft did not affect online purchasers. Target is advising customers who may have shopped at Target during that time frame who have PIN numbers attached to credit cards that a prudent course of action would be to change those PIN numbers and for all Target customers during that period to be on the alert for suspicious activity.
The breach began one day before Thanksgiving and two days before Black Friday, the busiest US shopping day of the year. As many as 40 million customers may have been affected at the 1,797 stores in the US and Canada in what is one of the largest data breaches in history. Target’s CEO Gregg Steinhafel in the letter says “the issue has been identified and resolved,” which means that consumer credit card information should no longer be flowing from Target to data thieves. Target also gives steps that consumers in certain states can take, as well as all Target customers who may have shopped in Target stores during that period.
Krebs On Security initially reported the breach yesterday and news quickly begin spreading about the severity of the problem. The US Secret Service is now reporting that it is investigating the case.