If you or someone you love shopped at Target over Thanksgiving weekend, your personal financial information may have been stolen, in an elaborate, nationwide data heist affecting as many as 40 million customers.
Here’s what you need to know:
1. The Information Was Hacked In Stores, Not Online
According to the Wall Street Journal, the information was stolen directly from brick and mortar stores, not online. The hack was apparently achieved through widespread tampering with stores’ credit/debit card swiping machines.
Business Insider explains that the hack focused on Target’s point-of-sale, or POS system, copying every number stored in the magnetic strip on customer cards, the moment they swiped.
The New York Times speculates that to pull of such a caper, a company insider could have inserted malware into a company machine that have cyber-criminals a foothold into the POS systems.
Target told the AP, any customer who paid by card at a Target store between November 27th and December 15th may have had their accounts exposed. While it hasn’t been confirmed that every Target store was infiltrated, customers from across the U.S. have been victimized.
Retail stores typically enjoy their highest yearly traffic in the period between Thanksgiving and Christmas.
2. The Secret Service Is On the Case
The Secret Service is investigating the data breach, but will not divulge details of their investigation while it is still ongoing. Part of the Secret Service’s stated mission is to protect the nation’s financial infrastructure and payment systems.
3. Hackers Likely Aim to Sell Information on Black Market
Investigators and former U.S. officials told the Wall Street Journal:
“Hackers typically aim to sell such information in bulk on the black market…Crime rings can use the fake cards to buy gift cards from major retailers and convert them eventually into cash.”
A 2010 article from StopTheHacker.com, features screenshots of black market websites, where financial identities are bought and sold for as cheap as two bucks a pop. None of the websites they perused were blacklisted by Google’s Safe Browsing List at time.
4. There Are a Few Simple Ways To Protect Yourself If You Were Hacked
CNN and NBC News both have rundowns on what to do if you have reason to believe your credit card may have been one of those hacked. First, check your statement, note any suspicious purchases, make sure there’s no chance you made those purchases yourself while drunk the other night. According to CNN, hackers often “ping” an account with micropayments, so if you see a bunch of purchases of only a few cents, that could be a sign you’re in trouble. Next, you’re going to want to call your credit card company or bank. In a case of fraud this widespread and documented, the card company or merchant will be on the hook, not you. But you have to be proactive, don’t wait for them to call you. Target has set up a phone line for concerned customers: 866-852-8680.
5. This Isn’t The First Time a Major Retail Outlet Has Been Burned By Hackers
In 2007, thieves stole credit card numbers and personal data off up to 90 million cards, from customers who frequented T.J. Maxx stores, HomeGoods, and other discount chains. According to the Journal, this past July, new details were released by federal prosecutors about an ongoing investigation of a group “believed to have stolen more than 160 million credit and debit card numbers from J.C. Penney Co. JCP -3.15% , 7-Eleven, Nasdaq OMX Group, NDAQ -0.19% JetBlue Inc. JBLU -1.52% and others over several years.”