RiskFinancial CrimeNorth American Retailer Target Admits Data Breach May Affect 40m

North American Retailer Target Admits Data Breach May Affect 40m

North American retail chain Target, which has 1,797 US stores and 124 in Canada, said that about 40m credit and debit card accounts may have been affected by a data breach that occurred during the busy Thanksgiving and Christmas shopping period.

The company, which is based in Minneapolis, Minneota, said that accounts of customers who made purchases by swiping their cards at terminals in its US stores between 27 November and 15 December may have been exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes on the backs of cards. The data breach apparently did not affect online purchases.

Target added that it immediately notified authorities and financial institutions once it became aware of the breach and is now working with a third-party forensics firm to investigate the matter and prevent future breaches. It said it is devoting all ‘appropriate resources’ to the issue.

The company did not reveal how the data breach occurred, but stressed that it has now fixed the breach and that credit card holders can continue shopping at its stores. Asked whether there would be a certain period after which shoppers could be reassured that their accounts will no longer be vulnerable, a Target spokeswoman said: “We encourage everyone to be vigilant.”

A statement issued by the company’s chairman, president and chief executive officer (CEO), Gregg Steinhafel, said: “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause.”

Other North American retailers to have experienced a data security problem include TJX Cos, parent of the TJ Maxx and Marshall’s chains. A breach that began in July 2005 exposed at least 45.7m credit and debit cards to possible fraud and went undetected until December 2006.

In June 2009 TJX agreed to pay US$9.75m in a settlement with multiple states related to the data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.

Related Articles

Why working in silos is a killer when battling financial crimes

Cyber Security & Fraud Why working in silos is a killer when battling financial crimes

4m Andrew Simpson
PSD2: dull name, but seismic effect

Clearing & Settlement PSD2: dull name, but seismic effect

6m Alex Kwiatkowski
Staying one step ahead: PSD2 and the future of fraud

Financial Crime Staying one step ahead: PSD2 and the future of fraud

7m Seth Ruden
8 predictions for treasury in 2018

Financial Crime 8 predictions for treasury in 2018

7m Bob Stark
FDIC sues 9 European banks over Libor

Banking FDIC sues 9 European banks over Libor

11m Victoria Beckett
Appreciating supply chain cyber risk

Cyber Security & Fraud Appreciating supply chain cyber risk

11m Peregrine Storrs-Fox
The death of the password: biometric banking

Automation The death of the password: biometric banking

11m Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

11m Keiron Dalton