Friday, December 20, 2013

TARGET CONFIRMS MASSIVE DATA BREACH



Target, one of the nation’s largest retailers, acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.
The theft is the second-largest credit card breach in U.S. history. The largest on record was at Heartland Payment Systems, which revealed in 2009 that roughly 130 million credit and debit cards had been exposed. The second-biggest attack struck TJX Companies, the parent company of T.J. Maxx and Marshalls, which said in 2007 that about 45 million credit cards and debit cards had been compromised. TJX later negotiated a $40.9 million settlement with Visa over the incident. The TJX data was reportedly stolen by criminals who gained access to payment systems through the wireless networks of individual stores.
Customers who made purchases by swiping their cards at Target’s U.S. stores between November 27 and December 15 may have had their accounts exposed. Target confirmed that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards. As yet, there is no indication that the three- or four-digit security numbers visible on the back of the card were affected. The stolen information could allow criminals to make fraudulent purchases almost anywhere in the world, either on the internet or by making phony cards. The massive data breach did not affect online purchases.
Target has not disclosed exactly how the breach occurred. In any event, the hackers gained access to as many as 40 million credit and debit cards used by customers of Target during the height of the holiday shopping season.
The breach highlighted vulnerabilities in the massive, interconnected shopping systems used for billions of dollars of retail transactions every day. Customers at Target’s nearly 1,800 stores in the United States were potentially affected.
Everyday consumers have had to scramble to cancel compromised cards and have new cards issued. This obviously threatens to cause disruptions as shoppers move into the final days of the busiest time of year for retailers.
The Secret Service has even joined the investigation. Major breaches in the past have drawn scrutiny and, in some cases, fines from federal and state officials when they determined that companies did not adequately protect private customer information.

It is estimated that Target will have to spend at least $100 million to cover legal costs and to fix whatever went wrong. Target will owe money to card brands, like Visa and American Express, to reimburse customers for fraudulent transactions.
Target said it notified law enforcement authorities and financial institutions after discovering the breach. The company said it also has hired an outside forensics firm to investigate the incident and strengthen its systems.
The payment systems used in modern retailing are sprawling, with countless card readers in individual stores gathering data, transmitting it on internal corporate networks and communicating with banks before approving purchases. Hackers could potentially find weaknesses at any point in the system. Often, hackers insert a “worm” into the system, which continually accumulates data in hidden folders. The hackers then retrieve the worm, which is full of cardholder data.

The massive extent of the breach probably means that hackers reached deeply into Target’s corporate networks rather than accessing systems at individual stores. Criminals also obtained PIN codes for debit cards, which conceivably could be used to withdraw cash directly from users’ bank accounts.
Although not on the same scale, the Mapco breach is extremely similar. Data breaches are a constant threat in the new economy and must be taken seriously. See my previous blog posts regarding the Mapco breach.
Pittman, Dutton & Hellums, P.C. is currently investigating claims against Target related to its data breach. The breach affects individuals and banking institutions alike. If you were affected by the Target data breach, please contact Booth Samuels at booths@pittmandutton.com or 1-866-515-8880.
