Target credit card data theft gets worse

Any way you cut it, this is a bad situation for Target’s shoppers and the company itself, and I don’t see how it gets any better right now. The latest from Krebs, who broke the story in the first place, will blow your mind.

So, here’s the most telling thing about the situation according to Krebs on Security (should be bookmarked by everyone, by the way):


Prior to breaking the story of the Target breach on Wednesday, Dec. 18, I spoke with a fraud analyst at a major bank who said his team had independently confirmed that Target had been breached after buying a huge chunk of the bank’s card accounts from a well-known “card shop” — an online store advertised in cybercrime forums as a place where thieves can reliably buy stolen credit and debit cards.

There are literally hundreds of these shady stores selling stolen credit and debit cards from virtually every bank and country. But this store has earned a special reputation for selling quality “dumps,” data stolen from the magnetic stripe on the backs of credit and debit cards. Armed with that information, thieves can effectively clone the cards and use them in stores. If the dumps are from debit cards and the thieves also have access to the PINs for those cards, they can use the cloned cards at ATMs to pull cash out of the victim’s bank account.


I’m done getting any more ticked off about this. Apparently, Target is offering its customers the employee discount of 10% over the holidays to make amends.

Hello! That still means that we shop with you, Target. How about figuring out what happened, and why it happened, and giving us some big assurances that you know what you are doing going forward.

That would be great. Not expecting me to hand over my credit card information to you for a discount despite everything that has happened.