Target Data Breach Now At 70M

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
It was bad enough when the number of people affected was believed to be 40 million. Now, the company is saying that the actual number is 70 million. :eek:

The massive credit card heist at Target stores across the country in the heart of the holiday shopping season was nearly twice as large as previously revealed, with the retailer saying 70 million customers were hit -- making it one of the largest security breaches of its kind.
 
VKkAJoJl.jpg


Forgot the damn tags so this image is also for me.
 
oh but hey they gave everyone a 10% discount on ONE day so it's all even now.

People keep posting this but apparently failed to really take advantage of this. It was actually two days and was stackable. I got about 18% off electronics using the discount, RedCard and Pharmacy Rewards. So basically 1TB hard drives for $45 for example.
 
People keep posting this but apparently failed to really take advantage of this. It was actually two days and was stackable. I got about 18% off electronics using the discount, RedCard and Pharmacy Rewards. So basically 1TB hard drives for $45 for example.
So this is hypothetical:" Target allowed my personal info to be stolen and my identity was stolen and have cost me thousands of $$$$ but, they gave me 10% off purchases WOOT WOOT!!!!!!!" Anyway no thanks, Target doesn't get a chanced to put my financial health at risk for 10% off.
 
So this is hypothetical:" Target allowed my personal info to be stolen and my identity was stolen and have cost me thousands of $$$$ but, they gave me 10% off purchases WOOT WOOT!!!!!!!" Anyway no thanks, Target doesn't get a chanced to put my financial health at risk for 10% off.

If you're dumb enough to know you had shopped there within the time frame of the breach and didn't cancel/get new cards issued, that is really not Targets fault. Sure, they waited a few weeks before disclosing the breach, but is there even any confirmed reports of anyone actually having their money stolen from this yet?
 
so is the time frame of the breach the only people that are affected?...so if I purchased something from Target with my credit card earlier on in the year then I'm safe from the breach?
 
So this is hypothetical:" Target allowed my personal info to be stolen and my identity was stolen and have cost me thousands of $$$$ but, they gave me 10% off purchases WOOT WOOT!!!!!!!" Anyway no thanks, Target doesn't get a chanced to put my financial health at risk for 10% off.

Yeah that kind of was my point, sure getting a discount is awesome as all hell. I happened to be in Target get a 10% discount and had no idea why until I saw the news later that day.

I live in California though, so I'm surprised I didn't get a letter notifying me of the potential loss of my information as is required by California law.
 
About a few days before the massive Target data breach happened last Thanksgiving, my mom's Chase bank account was compromised. Apparently someone skimmed her ATM debit card at a Chase bank ATM. The ATM is the one outside the Chase bank that people use. If going by the letter sent to us by Chase, someone made a duplicate card and bought 5 items with it at three different Walmarts in another county. According to the investigation by Chase, one item was a flat screen HDTV. And, looking at the letter, there were four items at $499.99 each. I can only assume those were Xbox ONE consoles if going by the price and the dates. XONE was released November 22nd. The Target data breaches happened on Black Friday, Nov. 27. My mom's account was compromised on the 23rd. and 24th. last November.

Luckily my mom's account was insured and the bank has reimbursed her the money. Here's the thing:
  1. She doesn't use the debit card anywhere else except at Chase bank branches to withdraw money from her account.
  2. The scary thing is that this was done at a Chase bank ATM and not a store or anywhere else.
Thanks to this, my mom now goes inside the bank to withdraw money and refuses to use ATMs now or her debit card. She's old and she gets paranoid easily, so I can understand going that far. Her other bank account with Bank of America has not been compromised, luckily. All in all, she lost around $3000 in those two days alone.

According to her, the FBI has opened an investigation into this and seeing if other Chase bank branches in the area are affected. My mom hasn't heard anything from the FBI since November, so we assume they're still investigating.

My word of advice is be careful. And, no matter how careful you are with protecting your identity and personal financial information, someone somewhere will still find a way to take it from you. In the last year I worked as a tax preparer-- 2011 tax year (2012)-- about a fourth of all tax returns I did were rejected because the customer's identities were stolen. We're talking about thousands of dollars of tax refunds total for a lot of these customers. A few of those customers had to pay thousands of dollars plus fees and penalties for tax returns they never filed before, and being asked to pay back the tax refunds they never received because of a falsely filed tax return.

It's really scary how stolen identities is starting to be more and more common now. Everything from database breaches at Adobe to Target's customer's financial information being broken into.

We may as well go back to using purely cash now instead of plastic with all these data breaches happening until companies secure their servers and other as close to 100% as possible..
 
oh but hey they gave everyone a 10% discount on ONE day so it's all even now.

yup

If you're dumb enough to know you had shopped there within the time frame of the breach and didn't cancel/get new cards issued, that is really not Targets fault. Sure, they waited a few weeks before disclosing the breach, but is there even any confirmed reports of anyone actually having their money stolen from this yet?

That doesn't matter. Because of this breach, you now have to go through the process of getting said new card, Then change every single automatic payment setup to come off of your card to the new one. Hoping of course nothing is due to be paid during the time frame that the old one is cancelled and the new one arrives. You also have to make sure to stop at a bank to take out a decent amount of cash for anything that you need to purchase during that time frame as you now don't have a card between the old one being turned off and the new arriving (which can be a week or two depending on said bank).

So even with you changing out cards it is still a major inconvenience put upon people. $5 doesn't make it up to me.

About a few days before the massive Target data breach happened last Thanksgiving, my mom's Chase bank account was compromised. Apparently someone skimmed her ATM debit card at a Chase bank ATM. The ATM is the one outside the Chase bank that people use. If going by the letter sent to us by Chase, someone made a duplicate card and bought 5 items with it at three different Walmarts in another county. According to the investigation by Chase, one item was a flat screen HDTV. And, looking at the letter, there were four items at $499.99 each. I can only assume those were Xbox ONE consoles if going by the price and the dates. XONE was released November 22nd. The Target data breaches happened on Black Friday, Nov. 27. My mom's account was compromised on the 23rd. and 24th. last November.

Luckily my mom's account was insured and the bank has reimbursed her the money. Here's the thing:
  1. She doesn't use the debit card anywhere else except at Chase bank branches to withdraw money from her account.
  2. The scary thing is that this was done at a Chase bank ATM and not a store or anywhere else.
Thanks to this, my mom now goes inside the bank to withdraw money and refuses to use ATMs now or her debit card. She's old and she gets paranoid easily, so I can understand going that far. Her other bank account with Bank of America has not been compromised, luckily. All in all, she lost around $3000 in those two days alone.

According to her, the FBI has opened an investigation into this and seeing if other Chase bank branches in the area are affected. My mom hasn't heard anything from the FBI since November, so we assume they're still investigating.

My word of advice is be careful. And, no matter how careful you are with protecting your identity and personal financial information, someone somewhere will still find a way to take it from you. In the last year I worked as a tax preparer-- 2011 tax year (2012)-- about a fourth of all tax returns I did were rejected because the customer's identities were stolen. We're talking about thousands of dollars of tax refunds total for a lot of these customers. A few of those customers had to pay thousands of dollars plus fees and penalties for tax returns they never filed before, and being asked to pay back the tax refunds they never received because of a falsely filed tax return.

It's really scary how stolen identities is starting to be more and more common now. Everything from database breaches at Adobe to Target's customer's financial information being broken into.

We may as well go back to using purely cash now instead of plastic with all these data breaches happening until companies secure their servers and other as close to 100% as possible..

That won't happen, the issue is cost of security vs cost of dealing with breach. the breach is cheaper. That has always been the mindset of banks, they could require more stuff in place to protect against theft from check or some other means of transaction but normally that means hiring more people and training them better. When they look at the cost of that vs what it cost them to just deal with the fall out they go the cheaper route. This is pretty much now the mindset of companies when it comes to security for anything now. Nothing is really secure anymore, there are always people gaining access to stuff they shouldn't. And this will continue as companies don't want to pay money for better security, pay money for people that monitor everything closely...
 
I don't shop at Target but, My wife did and used her bank card there during the effected time. She cancelled her card immediately upon learning of the breach. Fortunately, no fraud on the said account but according to Target the thieves now have her name, address, e-mail, and phone number. This is way to much personal info that can be exploited and yes I do blame Target for this.
 
If you're dumb enough to know you had shopped there within the time frame of the breach and didn't cancel/get new cards issued, that is really not Targets fault. Sure, they waited a few weeks before disclosing the breach, but is there even any confirmed reports of anyone actually having their money stolen from this yet?

Yes....

And yes its still targets fault. A 10% discount is laughable.
 
Yes....

And yes its still targets fault. A 10% discount is laughable.

What do you suggest they do?


This could have happened anywhere and it's likely happening somewhere right now where you have recently used a card but it hasn't been detected yet.
 
That doesn't matter. Because of this breach, you now have to go through the process of getting said new card, Then change every single automatic payment setup to come off of your card to the new one. Hoping of course nothing is due to be paid during the time frame that the old one is cancelled and the new one arrives. You also have to make sure to stop at a bank to take out a decent amount of cash for anything that you need to purchase during that time frame as you now don't have a card between the old one being turned off and the new arriving (which can be a week or two depending on said bank).

So even with you changing out cards it is still a major inconvenience put upon people. $5 doesn't make it up to me.

Which is why I have multiple credit cards.

1 for automatic payments like utilities.
1 for general shopping.
1 for questionable web sites.
1 for travel (Hotels, rental car, etc.)

Also have a few vendor cards like Target and Amazon to get discounts. If my Target card is compromised, it only affects Target.

Minimizes the headaches if one does get compromised, and I can switch to one of the other cards as a backup if one gets compromised like when I'm traveling.

This is why I never use a debit card anywhere other than the bank ATM (and I always check to make sure the ATM doesn't look compromised).
 
What do you suggest they do?


This could have happened anywhere and it's likely happening somewhere right now where you have recently used a card but it hasn't been detected yet.

To be honest at this point there is nothing they can do to make it better. If somebody kills your child no amount of I'm sorry or money will bring them. The same here, after screwing up and having a security breach there isn't anything that they can do that will suddenly make everything ok.

They can own up to the fact that they screwed up, take care of any financial damages that customers have from this, and they can fix whatever caused the problem. but that doesn't make up for the issue. Nor does it excuse it happen.
 
What do you suggest they do?


This could have happened anywhere and it's likely happening somewhere right now where you have recently used a card but it hasn't been detected yet.

Not keeping my Credit/Debit Card information would be a good start. There's no reason they need to perpetually store that in a database. (Target red card notwithstanding, but that can probably be argued as well)
 
Not keeping my Credit/Debit Card information would be a good start. There's no reason they need to perpetually store that in a database. (Target red card notwithstanding, but that can probably be argued as well)

I'm not asking what they can do to resolve or prevent it from happening again (there are plenty of controls to implement), I'm asking what can they do for you to get over it?
 
That director of IT or director of security is likely searching for a new job now.
 
People keep posting this but apparently failed to really take advantage of this. It was actually two days and was stackable. I got about 18% off electronics using the discount, RedCard and Pharmacy Rewards. So basically 1TB hard drives for $45 for example.

I got fucked over by the Target thing and didn't even know about that.
 
This will be a lot more then 70 Milliion cards when it is all said and done.

It will also likely not just be Target; the angry grumbling of the internet experts make it seem like like Target is a bank and they control your personal information. The compromise occurred behind the POS terminals, for all practical purposes the data was being intercepted as it flowed from Targets sales systems to the servicing company. That servicing company is a vendor that provides POS systems to a whole lot more companies then just Target.
 
I just now found that my card was compromised. I didn't make any product purchases at Target, I only drove my friend there so he could get an Xbox One and used my card to buy a cup of coffee at the Starbucks inside Target. I just had to go through all this back in August, so I'm not amused with having to change card info yet again. .
 
I never shop at Target but it was on the way home and so I stopped to get dog food the day after Black Friday which is in the effected date range. So the one fucking time I use Target in over a year and I get bent over.
 
All this kind of thing will increase call for some sort of scanning, biomarkers etc. In a few years I'll have to do a nutscan at home to buy Fallout XYZ
 
oh but hey they gave everyone a 10% discount on ONE day so it's all even now.


They also provide 1 year free of fraud monitoring as well

i heard yesterday on CNN it was up to 110 Million now

Scary if it was the POS Literally now"piece of sh*t" provider as you said, this could hurt alot more companies now!
 
Suntrust already replaced my debit card proactively due to this.
 
I never shop at Target but it was on the way home and so I stopped to get dog food the day after Black Friday which is in the effected date range. So the one fucking time I use Target in over a year and I get bent over.

I am with you. I haven't went there in years. However I had gotten a $25 gift card so stopped by the weekend after black Friday to get a few things for a family dinner and decided to spent a little over the $25 to not have a few dollars left on the card. Think I charged like $4 to my debit card as I don't normally bother to carry cash on me (which I know is bad). So had to go through the hassle of changing my card over $4 :/
 
I shopped during the affected period, but haven't been hit with any fraud charges. Discover is sending me a new card just to be safe though. My Amex got hit last month for fraud charges, but I never used it at Target. Still sucks all around.
 
I never shop at Target but it was on the way home and so I stopped to get dog food the day after Black Friday which is in the effected date range. So the one fucking time I use Target in over a year and I get bent over.

well. The good? news is the 70 million people were affected so the odds of someone using your information is pretty slim.
 
My Mom just found it she had her identity stolen. Someone(s) changed her social security number to a bank in another state and started rerouting mail and cashing checks at the new address.

I read that the Target data stolen is everything on file since Target opened. I don't think this is as bad as Walmart online and how they steal the credit card used instantly and start charging to it. Search that one for some stories, since Walmart doesn't acknowledge this and I had this happen to me on 2 different cards the only 2 times I bought something online. 2 cards I hadn't used in over 8 months at the time.
 
One thing about this story that get me is that this shows how worthless the threat of fines from PCI DSS compliancy really is. They threaten if you aren't following the rules they will fine you something like $250,000+ if I recall and that you might lose the right to accept certain types of cards for up to 2 years.

And yet some of the rules are that you are not allowed to store the full card information, you are not allowed to store the contents of the magnetic strip, you are not allowed to store the pin... All the stuff that they seem to be storing.

So for smaller companies they get pressure to ensure they follow these rules. but the bigger guys are just allowed to slide. probably because neither Visa, mastercard or discover want to be the one to say that they are pulling Target's (or any other major chain's ) right to accept their card leaving their competition able to make money off them pulling out of that store.
 
This isn't even the worse of it, yet:
http://gizmodo.com/report-holiday-hackers-attacked-at-least-three-other-m-1499657812

According to the report, the hackers likely hail from Eastern Europe—and it turns out they staged a series of "trial" hacks that took place in late November. Those attacks were used to help plan the larger operation in December, using a technique called "RAM scraping:"
One of the pieces of malware they used was something known as a RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text, the sources said.​
Legal snarls complicate informing customers, and credit card companies aren't allowed to disclose the names of hacked companies until they do so themselves. It sounds as though these new breaches might not be as gargantuan as Target's, which is good. But counting Target and Neiman Marcus alone, the info of roughly 110 million customers has already been stolen. And that number is set to make a huge jump as the Department of Justice investigates these new breaches.
Target and Neiman Marcus were TRIAL RUNS apparently.

Another retailer got hacked in December which has not been disclosed yet due to current laws. The DoJ is still investigating and once revealed, the current 110 million affected customers will go up.

Now, who is the third retailer?

One Gizmodo commenter replied with this:
Taking all bets:

1:200 CVS. Walgreens, Rite-Aid, Duane Reade or other drug store chain, Wally World/Walmart, Costco,
1:100 Red Robins, Sam Ash, Guitar Center, Best Buy, AT&T/Verizon/T-Mob Retail Kiosks
1:50 Macy's, Bloomingdales, Sears,
1:25 TJ Maxx
1:20 Marshall's
1:3 Hot Dog on a Stick
1:1 Souplantation
 
Also, don't these companies have any anti-malware software installed?

Being attacked by a "RAM scraping" malware to read the decrypted financial information in the server's memory then sending it to the attackers afterwards tells me they don't seem to have any such protections against these kind of attacks. It's just about laughable honestly. I always peg on my friends to protect their computers because the number of times I've had to fix it after a virus or malware infection. Yet, it seems these companies don't take such a proactive approach to protecting their data and their customers.
 
malware isnt pro-active, it is reactive, so if this is a 0day / 0sec exploit the malware makers likley don't even know about it.
 
They also provide 1 year free of fraud monitoring as well

i heard yesterday on CNN it was up to 110 Million now

Scary if it was the POS Literally now"piece of sh*t" provider as you said, this could hurt alot more companies now!

Heard about it also. That's just insane.
Sweetbay Supermarkets got hit years ago and I lost $200 but got it back.
 
Back
Top