Target cyber breach hits 40 million payment cards at holiday peak
By Jim Finkle and Dhanya Skariachan
BOSTON (Reuters) - Target Corp said hackers have stolen data from up to 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season in the second-largest such breach reported by a U.S. retailer.
The hackers worked at unprecedented speed, carrying out their operation from the day before Thanksgiving to this past Sunday, 19 days that are the heart of the crucial Christmas holiday sales season.
Target, the third-largest U.S. retailer, said on Thursday that it was working with federal law enforcement and outside experts to prevent similar attacks in the future. It did not disclose how its systems were compromised.
Target did not detect the attack on its own, according to a person familiar with the investigation.
The retailer was alerted its systems might have been compromised by credit card processors who had noticed a surge in fraudulent transactions involving credit cards that had been used at Target, according to the source, who was not authorized to discuss the matter.
The timing of the breach could not have been worse for Target, coming just before three of the four busiest days of what has been a bruising holiday season for retailers, with the highest level of discounting in years. Target itself last month lowered its profit forecast for the year after disappointing sales in the third quarter.
Complaints from customers began to surface on social media as they learned of it early Thursday morning.
"Most of these attacks are just a cost of doing business," said Mark Rasch, a former U.S. prosecutor of cyber crimes. Continued...