
Target Got Targeted By CC Thieves


73 replies to this topic

#1 buddy215


Posted 19 December 2013 - 06:42 AM

If you shopped at Target and used a credit card or debit card between Thanksgiving and December the 15th you should at least change your PIN number and maybe more....replace the card.

 

Reported here: Target customers' card data said to be at risk after store thefts | PCWorld

 

.........the breach that is believed to have affected about 40,000 card devices at store registers, the Journal said, citing people familiar with the incident. The breach extends to nearly all Target locations in the U.S.............

 

......initially thought that the breach extended from just after Thanksgiving 2013 to Dec. 6. But investigators found evidence that the breach lasted longer, possibly as far as Dec. 15................


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


 


#2 battyhippie


Posted 19 December 2013 - 08:09 AM

Thanks, buddy215, will pass that one on. I don't shop Target, but sometimes my son does...interesting how I did not read about that in the paper...



#3 Stolen


Posted 19 December 2013 - 09:36 AM

Buddy, thank you for posting this topic.

 

40MM or more customers are affected, by the way, and that stands for million

 

I believe Brian Krebs was the first to break the story and am sourcing his article here

 

Quote from article:

 

Sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that time frame.

 

“The breach window is definitely expanding,” said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. “We can’t say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized.”

There are no indications at this time that the breach affected customers who shopped at Target’s online stores. The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs.

It’s not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million of cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.”



#4 Stolen


Posted 19 December 2013 - 10:18 AM

Many sources are saying it was a data and security breach, only in stores, by criminals, possibly using a phishing attack or inserting malware with the help of an insider. Apparently the software controlling the point-of-sale systems was compromised. 

 

One source here

 

Also, I am reading some customers are wondering about Target's request to swipe their Driver's License when purchasing certain large-ticket items since the bad guys got access to the data on the magnetic strip on the back of the cards.

 

This story should be an evolving one...

 

Here is Target's Privacy Policy, and they do collect info from the Driver's License. 

 

Quote: 

What Personal Information is Collected?

Types of personal information we collect include:

  • Your name
  • Your mailing address
  • Your e-mail address
  • Your phone (or mobile) number
  • Your drivers' license number
  • Your credit/debit card number
  • Your purchase/return/exchange information
  • Your registry event information
  • Your date of birth or age


#5 rotor123


Posted 19 December 2013 - 12:01 PM

Hi battyhippie

I saw this reported on the local news here in NJ. Those would be News12, a cable-only channel, and the NYC, NY locals.

It may make the next day's newspaper. Here where I am the papers have gotten significantly smaller and thinner as well as being more expensive. I stopped buying newspapers when they became mandatory recycle items. And the much higher prices finished the job.

 

Roger


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#6 battyhippie


Posted 19 December 2013 - 12:31 PM

Hi rotor123!

 

Well, since I don't have TV, I don't watch the news, so that explains why I did not "hear" about that.

 

No newspapers? Fortunately here in Tiny Town, Penna...we not only have one local paper but two...my delivery cost for the month for the one paper I get is $14.95...I think still pretty reasonable. But I do know what you are saying about "newspapers", I can no longer read the ones I used to online, they are no longer free and the price? Out of my range...Oh well, but at least we have good posters here, such as buddy215, that keep one, such as myself, from being too ignorant.



#7 cryptodan


Posted 19 December 2013 - 12:57 PM

The driver's license scanning is all done via a different system compared to the Point of Sale devices, since it has to communicate with the state's Department of Motor Vehicles, so if they did scan it, the scanning machine for the driver's license would also have to have been compromised.

#8 rotor123


Posted 19 December 2013 - 02:16 PM

I still cannot wrap my head around why they would need to scan the driver's license. I have never run into that. On the other hand, I rarely use my credit cards in a B & M store. I prefer to leave them home; that reduces impulse buys to what is in my pocket.

I also get two-dollar bills from the bank. The waitresses seem to love getting them as a tip. They are only worth $2 so no loss. I do have some US Notes and National Currency bills and Silver Certificates that are worth over face value tucked away in the safe deposit box.

 

United States Note


National Currency


 

Kind of neat stuff. Just like War Nickels for WWII had silver instead of nickel in them.

Bottom line, except for the Internet, I prefer to use real money and not charge things.

 

Have a good Holiday

Roger




#9 buddy215


Posted 19 December 2013 - 03:09 PM

Before anyone feels sorry for the CC companies who will be paying for any abuse of these stolen cards' info, read the last paragraph of this article....40 Million Target Shoppers’ Data Stolen – What You Need to Know

 

.........

Could the data breach have been prevented with better technology?

You might have heard of EMV chip-and-PIN or chip-and-signature credit cards, which use a different verification method than the typical American magnetic stripe. EMV credit cards are widely adopted in Europe, and fraudulent point-of-sale transactions dropped drastically. For example, face-to-face fraud rates in England dropped by a full 63% between 2004 and 2010. It’s likely that if the US had adopted EMV technology already, we’d see lower fraud rates.

It’s reasonable to ask why few American cards use EMV chips. The answer has to do with interchange fees – the fee that a merchant pays to a card network, payment processor and bank every time you use plastic. These fees are usually around 2% of the total transaction amount, and tend to be higher for credit cards and lower for debit. This is compared to 0.5% in Australia, and in the European Union, 0.2% for debit and 0.3% for credit. Nominally, interchange fees are meant to offset fraud losses. When a network like Visa or MasterCard wants to justify its rate, it points to the high incidence of fraud. However, interchange revenue greatly exceeds fraud loss. In 2012, American merchants paid over $41.2 billion in interchange fees, but total US fraud losses were just $5.33 billion. This removes the incentive for banks to innovate on fraud protection. So while more banks and networks are warming up to the idea of American EMV cards, it’s still a long way away..........



#10 Stolen


Posted 24 December 2013 - 09:00 AM

Video Behind Your Stolen Card

from CNN Money.com and article:

Lawsuits piling up on Target over hack here
By Gregory Wallace December 23, 2013

Also, last week, JP Morgan Chase started limiting customers to $100 in cash withdrawals and $300 total purchases per day if they used the Chase debit card at Target during the breach (this affected an estimated 2 million Chase customers or less than 10% which is still a huge number of accounts). Chase then opened last Sunday in order to 'help.'

I can't help but think people were withdrawing funds on Sunday if they couldn't get access to more than 100.00 cash per day or max 300.00 purchases a few days before Christmas. It's a wonderful life...and evolving story.

Edited by Stolen, 24 December 2013 - 09:01 AM.


#11 buddy215


Posted 28 December 2013 - 07:08 AM

Target has confirmed that PIN numbers were stolen along with the other CC data. But they claim that the PIN numbers' encryption will prevent the thieves from using them....uh huh...one security company says that ain't so....uh huh...

 

I know what I would do if my card(s) was used at Target during the time those cards were stolen....CANCEL it/ them!



#12 rotor123


Posted 28 December 2013 - 11:50 AM

If I had shopped at Target using a debit card or credit card, as soon as the news hit, that card would have been canceled and a replacement ordered. As it is, I use cash for any B & M store purchases. I reserve credit cards, never debit cards, for Internet purchases at trusted sites. Examples would be NewEgg, TigerDirect, Amazon.

 

Roger

 

They never did say how the data was encrypted, or salted or hashed etc.




#13 cryptodan


Posted 28 December 2013 - 04:36 PM

I've recommended to everyone who shopped at Target both online and offline to replace their credit cards.

#14 Animal


Posted 31 December 2013 - 11:27 PM

Target May Be Liable For Up To $3.6 Billion From Credit Card Data Breach

Target could face a $90 fine for each cardholder’s data compromised, which translates to the $3.6 billion liability, according to a post on the SuperMoney website.


For the full story click here

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#15 buddy215


Posted 10 January 2014 - 12:34 PM

According to an AP story this morning, Target now says 70,000,000 not 40,000,000 customers are victims.

AP....Target says email addresses, phone numbers and mailing addresses were stolen.

AP.....Target says they will be notifying those they have email addresses for as to what to do.....that's nice.

 

So, victims can expect spam, phishing and possibly other victimizing using the stolen info along with the hassle of getting new cards. 





