Target reports data breach, affects 40 million cardholders

Target reports breach of 40 million cardholder accountsWell, it’s not a good day to be a Target customer – or Target shareholder, for that matter.  The retailer has reported that 40 million customers who shopped at the company’s brick-and-mortar stores during Thanksgiving 2013 to December 15 had their payment card information stolen.

Since we’re talking about Point of Sale (POS) fraud that occurred after magstripe payment cards were swiped, the stolen information is comprehensive:

  • Customers’ names
  • Credit and debit card numbers
  • Card expiration dates
  • Debit-card personal identification numbers
  • Embedded codes on the cards’ magnetic strips

With this stolen information, it’s possible to clone credit cards and make offline purchases – online too – that are undetectable as fraudulent.  We’ll probably see this stolen credit and debit card information flood the black market exchanges, where cyber criminals shop for customer data to exploit.

As this would suggest, the best remedy for consumers is cancellation of any payment cards exposed in the breach and issuance of new ones.  Considering that it costs a bank about $0.40 to replace a magstripe payment card, there will no doubt be lawsuits about who should bear the cost.

At SurePassID we’re big fans of the national migration from magstripe to EMV payment cards.  But in this case EMV payment cards wouldn’t have prevented the breach.