40m card numbers stolen from Target


#1

[Permalink]


#2

Best Buy.com site is a hotbed for this kind of thing. Someone internally is getting cc numbers and purchasing items from accounts and having them sent to another shipping address. Which is very stupid since BB sends emails for conformation and delivery. The whole thing is that BB takes their sweet time in investigating and stopping shipping for these purchases. I had to call BB numerous times letting them know the status of my delivery through UPS since they were not proficient enough to call UPS and stop the delivery across the US. Their excuse was “Well, it IS the holidays…”


#3

The Krebs story was published yesterday on the 18th. I do the same thing constantly because he has a silly way of displaying the date where the year is transposed with where your brain expects the date to be.


#4

I’ve been meaning to go to Target for quite a while now to buy some new bedding materials but just haven’t gotten motivated enough to drive over there. I guess laziness really pays off sometimes.


#5

sigh Really? I just had my card replaced for another data breach elsewhere from VISA.


#6

of course, the first couple times i’ve been to target in YEARS was within that window. sigh.


#7

“Target’s first priority is preserving the trust of our guests”

If only their first priority were preserving the information security of their customers.


#8

ha! I thought the same thing this morning :smile:


#9

So this is the one that’s going to trigger an overhaul in how we pay for things, right? Instead of bolting on “sms fraud alerts” to an aging and poorly implemented system?

Did I just hear a cricket chirp?


#10

Well you still have passwords to protect your accounts - as long as no one can get hold of the get around the answers to security questions like your mother’s maiden name and color of your first car. No one will ever be able to crack that military grade security.


#11

I don’t know, does anyone else feel like this is fishy? I have a difficult time believing a band of Target thieves went to ALL of the stores throughout the US and planted these magnetic strips. I just wonder whether the breach had more to do with the government harming security through backdoors on internet systems and a criminal hack finding their way in. (Unless this was a massive inside job). And why is the Secret Service investigating this? Since when does the Secret Service involve itself in this type of theft?


#12

Well, I can’t get past the security questions on one of my accounts – I tried to be clever in my answers and quickly forgot the “obvious” substitutions that I made.


#13

that’s okay, since you weren’t required to use any special characters, probably any old password hacking program can figure your answers out for you.


#14

Um. Since it’s founding?

Today the agency’s primary investigative mission is to safeguard the payment and financial systems of the United States. This has been historically accomplished through the enforcement of counterfeiting statutes to preserve the integrity of United States currency, coin and financial obligations.

Source


#15

What do passwords and security questions have to with the fact that all the systems we use to move money between institutions in the US are horribly insecure.

Hell ACH is based on trust and well no one complained so this transaction must be good.

The systems are horribly outdated and seem to not be based on any modern concept of banking and security.


#16

Umm who said anything about thieves planting magnetic strips anywhere. This breach occurred over the network. Someone just sat grabbing every bit of data as the stores were transmitting through some central point.


#17

Sorry, I stand corrected.


#18

It was in a previous article I read. That was what they were putting out there initially.

Rogue software installed on Target card readers believed used to steal data

This article made it sound as if it was the point of sale, while swiping the magnetic card strip.


Card numbers stolen from Target via malware?
#19

Thanks, I updated the post. That dateline format is pretty annoying, yep.


#20

Me too! And I even got a special card JUST for buying stuff ONLINE where I only put the exact amount in the account after I bought something. Otherwise the balance is 7 bucks or zero and there is NO over draft protection (with associated fees) This means that if the number is swiped and they try to use it they can’t.

But This PISSES me off.

BTW I talked to someone who said after these thefts the banks have decided that it is cheaper to replace cards AFTER they have been used in some kind of crime than replace all 40 million cards. they are counting on the fact that their systems for fraud will find the unusual activity first.