U.S. retailer Target has officially confirmed that hackers accessed payment card details of over 40 million customers who paid via their cards in Target stores in the last few weeks.
Target released a statement, Thursday, confirming that around 40 million credit and debit card accounts may have been impacted between November 27 and December 15 this year when shoppers made a card payment in one of the retailer's 1,797 bricks-and-mortar store across the country.
KrebsOnSecurity recently reported that the type of data stolen from Target is known as "track data," which may enable hackers to recreate a counterfeit card by encoding the data onto any card with a magnetic stripe. If the hackers were able to intercept PIN data for debit transactions, they may also regenerate stolen debit cards and use them to withdraw money from ATMs. However, Target says that there is no indication to suggest if hackers also intercepted the PIN numbers as well.
The retailer confirmed in its statement that it is working closely with the country's law enforcement and financial institutions, and has now identified as well as resolved the issue.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer, Target. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
Target is also partnering with a leading third-party forensics firm to conduct a detailed investigation of the incident. Customers who think they may have been affected with the incident can also visit Target's corporate website to get answers to some frequently asked questions (FAQs).
Analysts suggest that just like other retailers, Target would have hoped to make profits during the busy holiday season but the latest breach may have cost the company heavily.
"Whatever money Target thought they were going to get during the holiday season just got flushed down the data-breach toilet," said John Kindervag, an analyst and data security expert at research firm Forrester.
Target may now have to incur about $100 million to cover legal costs and to fix what went wrong.
