As has been widely reported, the popular retail giant Target announced yesterday that it suffered a data breach impacting approximately 40 million credit and debit card accounts used in Target stores across the country between November 27th and December 15th. It appears that the breach involved the theft of “track data” from the magnetic stripe on the back of credit and debit cards used in Target stores. Thieves use this stolen information to create counterfeit cards.

Target reports that, with the help of a third-party forensics firm, it has identified and stopped the breach. The retailer also indicates that it has identified additional security measures designed to prevent future incidents of breach. In addition to Target’s forensics team, the Secret Service is also investigating the incident. It is anticipated that when the dust settles, it will rank among the largest retail breaches to date. 

As we have all learned in the past several years, any company that handles personal information, and especially payment card information, is a bull’s-eye for thieves. As a result, credit card security rules and practices are continuously evolving to keep up with the ever-changing threats. With its well-known forensic lab and focus on security, some security professionals have found Target’s breach “alarming” and speculate that it may have been an inside job involving compromised Point of Sale terminals or payment terminals. Other reports suggest that the PoS attack is similar to Russian criminal attacks that implant malware in PoS devices. Regardless of the source, this incident reminds us that all companies—including those that understand the seriousness of payment card security—must be vigilant at protecting against both internal and external threats.

Topics:  Credit Cards, Data Breach, Data Protection, Debit Cards, Hackers, Personally Identifiable Information, Retailers, Target

Published In: General Business Updates, Consumer Protection Updates, Finance & Banking Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »