If you shopped at a Target store in the U.S. between Nov. 27 and Dec. 15 2013, Target has confirmed that a security breach has resulted in the compromise of credit and debit card information for nearly 40 million accounts during the holiday season.
According to Target, the attackers gained access to data such as customer names, credit card or debit card numbers and CVV security codes through the magnetic strips on the back of credit and debit cards. While most at risk can attempt to deactivate the cards from further usage, the problem is that the attackers can now create counterfeit payment cards to purchase gift cards at major retailers, and then convert them back to cash. If the encrypted PIN data is also decoded from the debit transactions, the attackers will be able to withdraw cash from ATMs.
Target, the nation’s third largest retailer, is currently working with federal law enforcement and other experts in an attempt to prevent similar attacks from occurring in the future.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Since the security breach, Montgomery-based law firm Beasley, Allen, Crow, Methvin, Portis & Miles, P.C., has filed a class action lawsuit on behalf of Target customers who suffered losses due to the recent attack. The complaint was filed Dec. 20 in the United States District Court, Middle District of Alabama, Northern Division.
“A breach of this nature indicates Target did not abide by the best practices and industry standards concerning the security of its Information Technology systems,” said Beasley Allen lawyer Larry Golston in a news release.