Hackers Steal Target Shoppers' Credit, Debit Card Info

Target store

Hackers have stolen confidential data from as many as  40 million credit and debit cards that shoppers used at Target stores from the day before Thanksgiving until December 15.

The data breach reportedly extends to nearly all of Target's 1,797 stores nationwide and involves the hacking of machines at checkout lines on which customer swipe their cards when making purchases.

So far, there's no indication that payment data was stolen concerning online purchases from Target, the nation's second-largest retailer.

News of the breach was broken Wednesday by Brian Krebs, a computer security expert and former Washington Post reporter. After the Secret Service confirmed it is investigating, Target issued this release early Thursday.

"Show Us Your Modern Family" Photo Contest. Upload your photo for a chance to be photographed in AARP The Magazine.  See official rules.

It's not clear how attackers were able to compromise "point-of-sale" terminals at so many Target stores across the country, but it's believed that roughly 40,000 card-reading devices were affected. These machines collect information from the magnetic stripe on credit and debit cards, and potentially also personal identification numbers (PINs).

With this information in hand, cybercriminals can potentially create counterfeit cards by encoding the data onto any card with a magnetic stripe. If the thieves also were able to obtain PIN data for debit transactions, they would theoretically be able to clone debit cards and use them to withdraw cash from ATMs.

In its statement, Target confirms that stolen information includes customer names, credit or debit card numbers, as well as card expiration dates and CVVs (three- or four-digit security codes).

If you shopped at Target during the affected dates, immediately alert your credit or debit card issuer. You should also carefully check future credit card and bank statements for fraudulent purchases or withdrawals. In coming weeks, get a free credit report at AnnualCreditReport.com (you can get one per year for no charge from each of the three major credit reporting bureaus) and then get another one a few months later (identity thieves sometimes hold onto stolen data before using it). Look for unauthorized charges and the fraudulent opening of new accounts in your name. Immediately report any that you find.

>> Get discounts on electronics with your AARP Member Advantages.

Click here to get more information about protecting yourself from data breaches.

Photo: Jay Reed/Flickr


Also of Interest


See the  AARP home page for deals, savings tips, trivia and more


Search AARP Blogs