Holiday shoppers beware: Hackers have broken into the databases of retail superstore Target and made off with approximately 40 million credit and debit card accounts used in Target's stores between Nov. 27 and Dec. 15, 2013.
Anyone who has used a credit or debit card at a physical Target location within that time should assume that their accounts have been compromised.
The breach was first reported by security expert and blogger Brian Krebs on Dec. 18, and later confirmed by Target on Dec. 19. One of Krebs' sources said that: "When all is said and done, this one will put its mark up there with some of the largest retail breaches to date."
Target says the stolen account information consists of the customer's name and credit or debit card number, as well as the card's expiration date and CVV (three-digit security code).
According to Krebs' sources, the stolen account information comes from the so-called "track data" stored on a credit or debit card's magnetic stripe. The CVV stored on a card's magnetic stripe is different than the one printed on the card itself, however. So in this case the thieves wouldn't be able to use a stolen account to make online purchases (which require the printed CVV) but they could use the stolen data to forge new credit cards by encoding the track data on a new magnetic stripe, Krebs speculates.
It's not clear if the breach includes PIN numbers associated with debit cards used at Target, but if so, the thieves could use those as well to make unauthorized cash withdrawals. In October, Adobe admitted that hackers had stolen 150 million account credentials, compromising the emails and passwords of more than 38 million individual users.
In May, open-source content management system Drupal was hacked, and almost 1 million users' email addresses, passwords and other personal information was stolen.
If you believe you have been affected by Target's data breach, contact your credit card company immediately and check for any unfamiliar expenses. You can also obtain a credit report from a nationwide credit reporting agency such as Equifax, Experian or TransUnion, and ask for a "fraud alert" to be applied to your account. This requires creditors to take extra steps to verify your account, making it more difficult for anyone, including you, to obtain credit.
You can also contact Target directly at 866-852-8680 or see Target's official statement for state-by-state recommendations.