Hackers Steal Credit Card Data From 40 Million Target Customers

In one of the largest theft of credit and debit card data in U.S. history, 40 million customers that shopped at Target had their credit and debit card data stolen by hackers who broke into Target’s computer terminals. If you shopped at Target between November 27 and December 15 you should check your account for any possible suspicious activity. If you see any suspicious activity, you will be better off closing your account and opening a new one.

One of the customers who’s account was compromised has this to say on CBSnews.com.

“I think it should be called the Great Christmas Hit. If they ever catch them, I hope they get Life in Prison with Bernie Madoff and the ENRON Boys.”

Micheal Kassner, who lives in the heart of Target-land in Minnesota and writes for TechRepublic has written a useful article called Target data breach: What you should tell non-IT folks right now. In his article Michael writes:

“It appears the only information stolen was data stored on the magnetic strip—not the account PIN, and not the three-digit security code on the back of the card. Here’s what the crooks did get from the magnetic strip:

• Card-holder’s name (There appears to be some confusion as to whether the card-holder’s name is on the magnetic strip or not. I called a few banks and received differing opinions.)
• Credit or debit account number
• Expiration date
• Card-present CVV (Another security code located on the magnetic strip.)”

As you may have already heard, lawsuits are being filed in Connecticut, Massachusetts, New York, South Dakota, and California. Some of them are seeking class-action status. According to a post on the security blog that first reported the breach, some of the stolen cards have been selling in the underground black market in batches of one million cards. The going price is said to be anywhere from $20 to more than $100 per card.

So what lesson can we learn from this security breach? Well, we need to take security seriously. As I have been saying for decades, a lot of businesses don’t take security seriously until they get hacked. I can tell you all kinds of horror stories from my consulting experiences, some of them are so unbelievably outrageous. People are no different. Unless they get hacked, security measures, such as strong passwords or firewalls are too inconvenient for them.

Why would businesses and individuals not take security seriously when it can be so damaging? One simple reason: they don’t believe it can happen to them.

Something to Think About

Here’s what I want you to think. If a retail store such as Target can’t protect your data, perhaps you can sue them and win a big lawsuit to recover your financial losses but what about your identity theft? I would be much more concerned about the identity theft because it can be far more damaging in the long run. Taking security seriously on your personal desktop computer, cell phone, tablet and laptop is even more important because if a retailer is unable to protect your data you might be able to file a lawsuit against the company but if you are unable to protect your data and identity because you didn’t take the proper measures to secure your own data you can’t sue yourself. How are you going to recover the damages? Just think about it.