Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 

Target data breach affected personal info from up to 110mn customers

Published time: January 10, 2014 18:55
Edited time: January 11, 2014 01:48
Shoppers enter a Target store in Valley Stream, New York (AFP Photo / Getty Images / Spencer Platt)

Shoppers enter a Target store in Valley Stream, New York (AFP Photo / Getty Images / Spencer Platt)

The US Company Target Corp has revealed that hackers stole sensitive data from some 110 million of their customers as part of a pre-Christmas data breach, way more than had previously been disclosed.

Earlier in December the third biggest US retailer, which sells discounted products, had said that about 40 million credit and debit cards had been affected in the data breach, which happened between November 27 and December 15.

But on Friday Target announced that the ongoing investigation into the fraud showed that other customer information as well as the originally reported payment card data had been stolen.

Affecting as many as 110 million customers, the stolen information included names, mailing addresses, phone numbers and email addresses of customers who had swiped their cards outside the 19-day breach period, according to Molly Snyder, a Target spokeswoman.

The company said that some overlap exists between the two data sets.

“I think they still have no idea how big this is. This is going to end up being much larger than 70 million and end up being the largest retail breach in history,” David Kennedy, a former US Marine Corps cyber chief intelligence analyst who now runs his own consultancy, told Reuters.

Customers shop at a Target store (AFP Photo / Getty Images / Justin Sullivan)

This is the second largest data fraud ever against a major US retailer. The largest one was found at TJX Cos Inc. when data from 90 million credit cards was stolen.

Target has said that none of the customers will have to shoulder any liability for the cost of the fraudulent charges. The company has said that it expects its full-year earnings per share to include charges related to the data breach, but couldn’t give an estimate of the cost.

Old technology opens door to hackers

The debit and credit card system used by Target as well as thousands of other US stores and businesses are obsolete and therefore much more vulnerable to cybercriminals.

Such scams often involve the company employees, who insert malware into the computer system processing sales or may have unwittingly clicked a link, which then downloads the malware.

In the case of Target the data was most likely stolen via the payment terminals, which scanned the magnetic strips on the back of the card.

But had Target used Chip and Pin cards, known as EMV, then this type of hacking would have been impossible. EMV cards encrypt the data and therefore make it much more difficult to intercept at the point of use.

But in the older cards the technology on the magnetic stripes is similar to that of cassette tapes, which became obsolete almost two decades ago and can be easily reproduced.

Only 1 percent of US cards have Chip and Pin technology, in contrast to more than 90 percent in the EU and four out five in Canada. Even the US cards that are fitted with EMV technology are not secure as only one in ten US payment terminals can actually process information from the chip.

US credit card issuers have been told they must fall into line with the rest of the world by October 2015, but US banks have calculated that the amount they lose from fraud is on average less than if they paid for a roll out of new cards and terminals across the country.

The banks also earn more in fees from processing the old fashioned signature verifications than they would do with a modern pin system.

“Compared to the tens of millions of transactions that are taking place every day, even the fraud that they have to pay is small compared to the profit they are making from using less secure cards,” Mallory Duncan, the general counsel at the National Retail Foundation, told AP.

In the rest of the world the change over to EMV was either made a legal requirement, or new payment services were put in where cards had not been used before as in developing markets, but in the US even by October 2015, it is estimated that only 60 percent of cards will be compliant with new technology requirements.

Comments (4)

 

mergon 13.01.2014 10:53

How to slow it down ? pay for everything in cash ,if you must buy something off the net get someone with a pay pal account to do it for you ,DONT EVER BANK ON LINE
If you must use a credit card always pay the payments in cash at the bank , if you have to pay your bills by direct debit use a separate account for each bill and debit your main account a small sum each month to the direct debit accounts , if you have work done get an accurate estimate first , if its repair bills for the car or boiler use words ok so how much for cash or jesus HOW MUCH !

 

mergon 13.01.2014 10:42

So you deal in specific data ,say middle class with lots financial profiling and all of a sudden oh the data has gone missing ! please !

 

Alan Cook 11.01.2014 05:36

Of those 110 million I am going to guess that 57% of them were EBT cards..... Just saying...Think about this who stands to gain something by this happening to target??? Could it be Walmart????

View all comments (4)
Add comment

Authorization required for adding comments

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

OK

or Register

A password has been sent to your email address

Edit profile

X

Name

New password

Retype new password

Current password

Save

Cancel

Follow us