CEO Greg Steinhafel confirmed Thursday morning that a data breach had taken place, even though rumors of the breach have been going on since Monday. Steinhafel said that his store is working with law enforcement and banks to try and resolve the issue as quickly as possible before anyone’s account is reported compromised.
Unlawful access has been happening since around the 27th and was only discovered on the 15th. The Secret Service confirmed on USA TODAY that credit card information was part of the compromised data.
The information stolen was only that information which was stored on the magnetic strip on the back of ATM and credit cards, and all Target stores in the USA were affected. In the US alone, Target has over 1,800 stores with an additional 124 in Canada.
MasterCard’s vice president, James Issokon, indicates in an email that the breach appeared to only affect cards used at Target.
Mike Donovan, who works for the Beazley Breach Response, says that we “see breaches across all sizes of companies,” and “you only see stories about the big ones in the news, but breaches are affecting companies all across the board. This is one of thousands of breaches that have happened in the last four or five years.” Donovan adds that it’s very important to get information out to those affected not only to fix the problem immediately, but to rebuild the damage to Target’s reputation. “Any company that handles personal data is vulnerable [to breaches].”
Fortunately, the breach does not include any online purchases as the magnetic strip needed to be scanned at a physical location to have been affected.
The data stolen will allow those who stole the data to create fake cards. Currently, it is believed that PIN numbers were also stolen. If this is the case, then thieves will be able to withdraw money from ATMs with their fake cards.
It is important to identify the card you used at Target during this time period and to report it as lost or stolen immediately so the number can be invalidated and a new number for the card can be issued. This way, if your data was stolen, a counterfeit card will read as expired at an ATM or in a store and will be turned away immediately.