Target Stores (TGT) is investigation a major security breach that has affected millions of customers all around the US.
Target Stores issued a statement acknowledging the breach, “Approximately 40 million credit and debit card accounts may have been impacted,” the retailer said on Thursday morning.
The breach, first reported on Wednesday by the security bloggger Brian Krebs, began the day before Thanksgiving, extending to at least December 15 according Target Stores.
“A spokeswoman for American Express confirmed the breach in an interview with the Star Tribune, and the Secret Service confirmed to The Wall Street Journal and the Associated Press that it has begun its own investigation.” reports the Minneapolis Star Tribune.
It is not clear whether Target customers shopping online were affected by the attack. The cyber criminals appear to be targeting the point-of-sales at the stores, which collects credit and debit card data, potentially including personal information such as PIN numbers.
Investigators believe the data obtained in the security breach that hit Target customers during the busiest time of the year, was obtained by installing software on machines shoppers use to swipe their card when checking out.
Krebs On Security, the industry security blog that broke the story, say nearly all 1,797 Target stores in the US have been affected by the breach, according to reports by two credit card companies.
The report says that Target didn’t realize there was a security breach, until “track data” made it apparent that about one million credit card data had been stolen, however, the website believes the number could be significantly higher.
“When all is said and done, this one will put its mark up there with some of the largest retail breaches to date,” the report said citing an unnamed source.
Investigators don’t know how the cyber crooks where able to compromise such large number of point-of-sales machines in the security breach at Target stores across the nation.
Sophisticated hackers have targeted point-of-sales systems in recent years. To do so, experts believe, a company insider could install malware into computer systems or an unsuspecting employee could download an infected link.
Criminals can steal personal information, including the PIN numbers and create counterfeit cards to steal customers funds from an ATM.
Security experts recommend that Target customers affected by the security breach keep a close eye on their transactions and change their PIN numbers to protect themselves.