Target shoppers whose credit and debit card numbers were compromised in a massive security breach that took place between November 27 and December 15 now have their worst fears confirmed: their card numbers are up for sale in the black market.
According to Brian Krebs of Krebs On Security, the credit and debit card accounts that were stolen in a recent data breach at retail giant Target were sold in the black market in recent weeks, selling in batches of one millions cards and going from anywhere between $20 to more than $100 per card. Tracing the transactions would also be very difficult since the stolen data can be paid for using Bitcoin, Litecoin, WebMoney and PerfectMoney which would protect the identity of the sellers and buyers.
The security breach affected only shoppers who made purchase physically at Target stores in the U.S. and allowed the hackers to glean data that can be burned into counterfeit cards such as customer names, credit and debit card numbers, expiration dates, and three-digit security codes.
"Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim's bank account," Krebs explained on how the stolen data can be used.
Meanwhile, Target issued a statement on Friday, saying it is closely monitoring the situation and reassured patrons that they will not be held financially responsible for any credit card or debit card fraud. The company also said it has reported the affected account numbers to credit card companies.
"We have already alerted all of the networks (Visa, MasterCard, Discover and American Express) and provided the affected card numbers of guests who may have been impacted. The networks, in turn, are providing the affected card numbers to the financial institutions of our guests via a "batch" or "CAMS alert." This alert process allows card providers to take steps to enact additional fraud monitoring. For our REDcard holders, in addition to the robust fraud monitoring system we already had in place, we have added additional layers of security and fraud monitoring to their cards," Target said.
The company also said that it would alert affected customers via email. Target acknowledged on Thursday that its in-store point-of-sale systems were hacked compromising approximately 40 million credit card and debit card numbers that belong to customers who shopped in company stores on or around Black Friday.
