Winnipeg Free Press - PRINT EDITION

Feds probe Target data breach

Suspects may have been identified, experts say

A customer signs his credit card receipt at a Target store in Tallahassee, Fla. The discount retailer confirmed Monday its data-security breach involved malicious software.

PHIL COALE / THE ASSOCIATED PRESS FILES

MINNEAPOLIS -- The U.S. Justice Department began investigating the data-security breach plaguing Target Corp. and its shoppers, the company said Monday as the nation's banks fought to head off fraud risk.

The Minneapolis-based retailer disclosed the Justice Department's involvement in a brief statement that also said its top lawyer planned a conference call with state attorneys general to discuss the breach and its impact. Target did not elaborate on the Justice Department's focus, and a spokesman for the government agency declined to comment.

IT security experts said it could indicate a suspect or suspects have been identified.

"I can't see another reason that they would be involved at this point," said Al Pascual, security risk and fraud analyst at Javelin Strategy & Research. "It's too early to say it's criminal negligence on the part of the company."

The trendsetting discount retailer has been emphasizing it was the victim of a sophisticated crime and sought to bolster the public's confidence by extending a 10 per cent discount to shoppers in the stores on Dec. 21 and 22.

Target finally confirmed Monday the attack involved malicious software that somehow got on the point-of-sale card-swiping devices in the checkout aisles of Target's U.S. stores. The attack exposed debit and credit card information of 40 million customers who bought merchandise in U.S. stores from Nov. 27 to Dec. 15. News of the data attack sent consumers scrambling for information from Target, jamming the company's phones.

"We have communicated to 17 million guests via email and reminded them that unless they have seen fraudulent activity on their account, there is no urgent need to call," Target spokeswoman Molly Snyder said Monday in the statement.

Nearly any type of credit and debit card used for purchases at the store during the 19-day period was affected, including Target's own Redcard debit and credit cards. About 20 per cent of Target's total sales are transacted on the two types of Redcards.

The data breach is among the largest recorded and remains under investigation by the U.S. Secret Service and an outside forensics company working with Target.

But to date, little actual card fraud related to the data security breach has been reported. It will likely be many months before the degree of card fraud related to the theft is known.

The theft involved the CVV security codes embedded in the magnetic stripes on the cards and not the three-digit CVV codes on the back of the cards, as the company initially reported.

Target has repeatedly said the heist did not compromise debit card PIN numbers. Still, some institutions have decided to proactively reissue new debit cards and PIN numbers to affected customers.

Over the weekend JPMorgan Chase & Co., one of the country's largest card issuers, imposed daily limits on ATM debit withdrawals and debit card purchases of about two million of its customers whose accounts were exposed in the Target breach.

At first, Chase limited customers to cash withdrawals of $100 a day and total purchases of $300 a day. It has since relaxed the restrictions to cash withdrawals of $250 and total purchases of $1,000 a day.

"We realize this could not have happened at a more inconvenient time with the holiday season upon us," Chase said in its notice to its customers.

Doug Johnson, vice-president of risk management policy at the American Bankers Association, said he didn't know of any other major card issuer taking such a step. Banks are walking a fine line, he said, trying to eliminate risk without hassling customers at a time of heavy holiday shopping and travelling.

San Francisco-based Wells Fargo & Co., the largest bank in Minnesota, and Minneapolis-based U.S. Bancorp, both said they aren't cancelling or restricting cards. The banks are both major card issuers and said they are monitoring cardholder accounts for unusual patterns and activity.

There's pressure not to cancel cards since it costs banks about $4 to $5 to replace a consumer's card. Mass card replacements would add to the overall cost of the breach, which is expected to rise to hundreds of millions of dollars in combined fraud losses, litigation and other expenses.

"I don't think any of the issuers want to be the bank that stole Christmas, the Grinch, even though that's probably what they should do," said data-security expert Brian Krebs, who first broke the news of the breach on his blog Krebsonsecurity.com.

Flat-out cancelling cards isn't terribly practical either, Pascual noted: "If we had to replace a card for every breach, you'd get a new card every month."

Krebs blogged Sunday there's been another huge batch of stolen cards trading on the digital black market, this time cards issued by non-U.S. banks. Easy Solutions Inc., an anti-fraud company in Miami that also monitors black-market card activity, also blogged about the new "world dumps" of cards.

Daniel Ingevaldson, Easy Solutions' chief technology officer, said many of the cards in the latest huge batch were issued by banks in Latin America. Krebs said he thinks they were from all over the world. Both said the latest batch appears to be linked to the Target breach.

"All the hallmarks are the same," Ingevaldson said.

The stolen cards issued by non-U.S. banks may be more valuable now to crooks as U.S. cardholders and banks cancel their cards and clamp down on potential fraud, they said.

"This is going to be a process where unfortunately the lion's share of the work falls on the banks," Ingevaldson said.

-- Star Tribune (Minneapolis)

Republished from the Winnipeg Free Press print edition December 24, 2013

History

Updated on Tuesday, December 24, 2013 at 5:39 AM CST: Replaces photo
