At the core database, there should be a 64 bit encryption level. You need to shut down all of your cards numbers and redo the program and issue new cards. If the Secret Service tells you, "We will get the CIA mothers;" they told you a lie. They won't
Target Corp. (TGT), the second-largest U.S. discount chain, said data for about 40 million debit and credit cards may have been wrongfully accessed in recent weeks and that law enforcement is investigating the matter.
The data was breached between Nov. 27 and Dec. 15, the Minneapolis-based company said today in statement. Target said it alerted authorities and financial institutions immediately and has now identified and resolved the issue. The U.S. Secret Service said yesterday that it was probing the incident, and the company said it’s working closely with law enforcement to bring those responsible to justice.
Target’s challenges come as U.S. retailers gear up for the end of the holiday shopping season, which ShopperTrak predicts will be the slowest since 2009. The last thing Target needs right now as rivals pour on the discounts in a last-ditch grab for market share is for its customers to wonder if they should use their cards, said Ken Perkins, an analyst for Morningstar Inc. in Chicago.
“The timing could be a concern, especially only a few days before Christmas,” he said in an interview.
Target, which has 1,797 stores in the U.S. and 124 in Canada, fell 1.2 percent to $62.76 at 9:40 a.m. in New York. The stock gained 7.4 percent this year through yesterday, compared with a 43 percent gain for Standard & Poor’s 500 Retailing Index.
The breach came after the chain had already cut its annual forecast for same-store sales growth to 1 percent from as much as 2.5 percent in August. Doubts about its security could reduce purchases and the number of people signing up for a REDcard, its in-house credit and debit cards, Perkins said. Those card holders are the retailer’s biggest spenders, he said.
“The longer-term risk is that people remember this who were going to sign up for a REDcard and don’t,” Perkins said.
Online shoppers at Target.com might be spooked too, given that a link across the top of the site today read: “important notice: unauthorized access to payment card data in U.S. stores.”
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” Gregg Steinhafel, chief executive officer of Target, said in the statement.
Brian Leary, a spokesman for the Secret Service in Washington, confirmed the agency is probing the matter while declining to comment further because the investigation is under way.
While the agency is today best known for protecting the president, it was created in 1865 to fight currency counterfeiting. That role was expanded over the years to include certain kinds of fraud, including identity theft, electronic crime and computer intrusion. The service was part of the U.S. Treasury until 2003, when it was one of the agencies brought into the newly-created Department of Homeland Security.
Data breaches have hit other retailers. TJX Cos., owner of the T.J. Maxx and HomeGoods chains, reported in 2007 that hackers broke into its computer system and stole about 45.7 million credit- and debit-card numbers. The theft set a record at the time for such breaches.
In July, four Russians and a Ukrainian were charged in what prosecutors called the largest hacking scheme in U.S. history, a break-in to computers of retail chains that included 7-Eleven Inc., Carrefour SA and Wet Seal Inc.
KrebsOnSecurity, a blog written by Brian Krebs, a former Washington Post reporter, first reported that Target was investigating a breach potentially involving millions of customer card records, citing sources at two credit-card issuers.
The site also reported that Target customers had already been victimized. Molly Snyder, a spokeswoman for Target, declined to comment, citing the investigation. She also wouldn’t comment on when Target first learned of the breach and where it took place in the transaction process.