Minneapolis – Target confirmed that it suffered a major data breach that may have affected as many as 40 million credit and debit card transactions at Target stores between Nov. 27 and Dec. 15. The retailer said the information included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).
The data theft marks the second largest credit card breach in the United States after retailer TJX Cos. announced in 2007 that at least 45.7 million credit and debit card users were exposed to credit card fraud.
In a statement, Target said it alerted authorities and financial institutions immediately after it was made aware of the unauthorized access and identified and resolved the matter. The company did not say when it was made aware of the unauthorized access to payment card data or whether any fraudulently activity had occurred as a result. According to media reports, thieves were able to intercept data stored on the magnetic stripes of payment cards, which would allow them to transfer the data to the magnetic stripes of counterfeit payment cards and have them accepted by card readers.
‘‘Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” stated Gregg Steinhafel, president and CEO of Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target said it is working with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures that could be taken to prevent a similar incident from occurring.
“We are putting our full resources behind these efforts,” according to a statement on Target.com.
Target posted information on its website advising customers to remain vigilant for incidents of fraud and identity theft by regularly review their account statements and monitoring free credit reports.