How the Target Credit Card Data Breach Worked
Consumers are certainly justifiably a bit on edge when it comes to pulling their credit or debit cards out of there wallet these days. Recent data breaches at Target, Neiman Marcus, and apparently ongoing breaches at other US retailers have come as a short sharp shock to the shopping psychology of some as each day seems to bring new headlines that often hint at more bad news to come. Krebs on Security has been at the forefront of this breaking news and also about how some of thievery took place. Today the New York Times has an excellent piece about how the data breach at Target occurred and affected 110 million customers.
Called A Sneaky Path Into Target Customers’ Wallets, the lengthy and thorough piece is worth a read because it provides context on the shady criminal world that executes these attacks as well as the apparently porous systems that some merchants with whom we trust our data maintain. I don’t think anyone who has been following this story will be too surprised by much of the info, but the most surprising revelation in the story was that Target honchoes had no knowledge of the breach until they were alerted by the Secret Service about two weeks before Christmas.
Target’s system was so open that the data thieves were able to essentially work at will within that system, grabbing data from the magnetic stripes of cards as they were swiped, move that data to a database on Target’s system each hour of the day, and then transfer it at will to their own systems.
What is perhaps most disturbing and is certainly grounds for future discussion is that the article points out that experts are saying that the stolen data will retain its currency over the next year or so.
“We’re expecting this to be a major contributor, if not the primary driver of card fraud for the next 12 months,” said Alphonse R. Pascual, of Javelin Strategy & Research. “Those cards will continue to have value for quite a while. These cards will still be available for purchase a year from now.”
If that is indeed the case and the potential financial damage to consumers, banks, and retailers is so huge, it makes one wonder if the cost of canceling and replacing credit cards to those who might suspect they are caught up in this theft wouldn’t be the most expedient way to go.
Target has offered free credit report monitoring for those who shopped in the store during the period of November 27 through December 15 and that is certainly one way to try and protect yourself. Of course there is now also the nagging question about other retailers who might have similarly been breached during this period.