The news: The day before Thanksgiving, a group of criminals gained access to Target’s customer information. They maintained access to the information until December 15, when Target realized there had been a breach.
The cybercriminals accessed 40 million customer names, credit and debit card numbers and security codes. (Online customers were not affected by the breach.) Target alerted the authorities as soon as they became aware of the breach, and has since hired third party forensic investigators. The data was obtained through software installed on machines where customers were swiping their cards, and approximately 1,797 Target stores were affected. Target urged its customers to check their bank statements and make sure all charges were their own.
The hackers had access to customer information for about three weeks, and the total financial damages are still unclear. The Target heist set a new record — the speed with which the hackers were able to access and collect data is unprecedented. Target and FBI investigators are still not sure how the perpetrators were able to compromise the registers without being detected.
The company’s shares dropped 1.9% after the breach was made public.
The background: The largest data breach in U.S. history occurred in 2007, when cybercriminals gained access to customer information from TJ Maxx and Marshalls, stealing information from almost 90 million credit and debit cards. It took the retailers 18 months to realize what was happening. Earlier this year, a similar heist, targeting ATM machines, occurred in New York City. The thieves made over $45 million in just a few hours, before anyone noticed anything was amiss. This type of cybercrime has become increasingly popular — a whole ring of cybercriminals, specialized in hitting chain stores, was indicted this past July — and is becoming more and more difficult to detect.
The takeaway: While the main concern in this type of crime used to be pre-paid credit cards, hackers have recently shifted their attention to regular credit and debit cards. These crimes are difficult to prosecute and difficult to obtain convictions for — some have even termed them "the cost of doing business."
There is no easy solution — no one in their right mind would advocate for the elimination of credit or debit cards. But we have to increase funding for cybercrime prevention and be more vigilant as consumers, or risk what is currently a common crime becoming quotidian.