Credit and debit card accounts stolen during a security breach involving retailer Target have reportedly flooded underground black markets, going on sale in batches of one million cards.(We first reported this here on December 19, 2014)
The cards are being sold from around $20 to more than $100 each, KrebsOnSecurity reports. The security news site said it spoke to a fraud analyst at a major bank who said his team was able to buy a portion of the bank’s accounts from an online store advertised in cybercrime forums as a place where thieves can buy stolen cards.
The analyst was not identified, but said the purchase was made before Target admitted Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.
Fortunately, I don't do my Christmas shopping at Target.
No, that's misleading ... I don't do Christmas shopping at all. I'm less prudent than I am a curmudgeon, but apparently it's an Unexpected Consequence (or benefit?) of Curmudgeonlihood!
CHASE bank responded by putting temporary "restrictions" on the 10% of their accounts which may have been affected. About 2 million of them, apparently.
As expected, Target customers had trouble reaching the national chain's call center. Many refused to shop at Target stores. It's obvious that as much as it affected consumers, it affected the chain's profitability even more. During this, the most frantic shopping period of the year, that could sound the death knell for Target.
My opinion, not fact ... but Watch This Space.
Personally, I tend to use debit cards rather than debit cards for purchases. I don't keep enough in my bank account to cause fiscal ruin if I'm hacked.
On the other hand, my single credit card account does have protection plans.
Last year I reported that my credit card had been hacked. Some $1500 had been used for what seemed to be "charitable contributions" (presumably accounts set up by the hackers to accept stolen funds). When I noticed the charges the day after they occurred, I notified my Credit Card Vendor and they cancelled the account, deleted the charges, and sent me a new credit card. It was upsetting, and inconvenient ... but didn't cost me a penny after I reported and challenged the charges.
Unfortunately, not all bank debit cards offer the same kind of protection.
TARGET was responsible in reporting the problem immediately after they discovered the deception, and they are presumably taking steps to prevent its recurrance.
On Friday, Target reiterated that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.That's a single ray of hope for consumers whose card numbers have been compromised.
There was no indication the three- or four-digit security numbers visible on the back of the card were affected, Target said. It also said Friday there was no indication that the stolen data included a customer's birth date or social security number. The data breach did not affect online purchases, the company said.
Target also said it didn't believe that PIN numbers to customers' debit cards have been compromised.
My credit card company offers a 'notification service'; when they see a charge which does not seem to match their customers' normal shopping patterns ... they hold the transaction and contact me personally to confirm that the transaction is legitimate. That's a responsible way to manage an account, if you're a credit card company. So far, all of the transactions which they have notified me about have been legitimate. I can only assume that the two "bogus" transactions had not yet tripped their BS-ometer before it tripped mine. (Considering that the two charges totaled over $1,200, it's a good argument for credit card holders to regularly monitor their own account!)
And yes, I did check my credit card account ... my only charges since my last payment are only purchases which I recognize.
Can you say the same about your own credit account? May I suggest that you check it ..... now?