If ever there was an exclamation point put on the danger of fraudulent credit card activity during the holidays, it is Target’s revelation that credit and debit account information for 40 million of its customers may have been stolen over the last couple of weeks.
The retailer, which has more than 1,500 stores throughout the U.S., said the customer names, debit or credit card numbers, card expiration dates were taken, along with the three-digit security codes often imprinted on the backs of cards, known as CVVs. With that information, it would be easy for criminals to ring up purchases on most websites.
The breach apparently occurred for customers who shopped in a Target store between Nov. 27 and Dec. 15. The company said customers who made online transactions are not affected by the breach.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” Gregg Steinhafel, Target’s chairman, president and chief executive officer said in a statement. “We regret any inconvenience this may cause.”
Target said it immediately notified law enforcement authorities and financial institutions after discovering the breach, though this is its first notice to customers. It is also working with a third-party forensics firm to investigate the incident and strengthen its systems, the company said.
Several news organizations said the Secret Service is investigating how the credit information fell into the hands of hackers.
Consumers hear repeated warning about identify theft. They also are told to be careful to select a secure web site when shopping online. But in this case, the problem occurred not via the Internet, but at the brick and mortar stores.
It’s doubtful that scams and security breaches will ever be eliminated entirely in the retail environment. Using caution while shopping will always be good advice. We can only hope that retailers will be able to find more sophisticated ways of stopping credit information breaches before they occur.