Debit and credit cards stolen in Target breach reportedly for sale in underground black marketsRich
The cards are being sold from around $20 to more than $100 each, KrebsOnSecurity reports.
Are you safe from security breaches into your valuable data? CED Solutions has training options for your IT employees to bring them up to speed on current security technology.
The security news site said it spoke to a fraud analyst at a major bank who said his team was able to buy a portion of the bank’s accounts from an online store advertised in cybercrime forums as a place where thieves can buy stolen cards.
The analyst was not identified, but said the purchase was made before Target admitted Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.
According to KrebsOnSecurity, there are hundreds of online stores selling stolen credit and debit cards from banks worldwide.
If the sites sell quality “dumps,” which is data stolen from the magnetic stripe on the backs of the cards, it can be used by thieves to clone the cards for use in stores. If the “dumps” contain the PIN numbers to those accounts, thieves can use cloned cards to remove cash out of victims’ bank accounts, KrebsOnSecurity reports.
To help reduce any unauthorized activity on Chase bank accounts, the company put some temporary restrictions on debit cards affected by the breach.
Chase contacted about 2 million affected debit card members Saturday and said they would be limited to a maximum of $100 cash withdrawals and $300 in purchases per day. Less than 10 percent of Chase customers are affected, said spokeswoman Kristin Lemkau.
The Target data theft is the second-largest credit card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos. That incident affected at least 45.7 million card users.
Target disclosed the theft a day after reports that the company was investigating a breach. The retailer’s data-security troubles and its ensuing public relations nightmare threaten to drive off holiday shoppers during the company’s busiest time of year.
Potential victims of credit card fraud tied to the breach said they had trouble contacting the Target through its website and call centers.
Angry Target customers expressed their displeasure in comments on the company’s Facebook page. Some even threatened to stop shopping at the store.
Target’s CEO Gregg Steinhafel apologized through a statement issued on Friday. The retailer also said it’s working hard to resolve the problem and is adding more workers to field calls and help solve website issues. And the discounter began offering 10 percent off for customers who shop in its stores on Saturday and Sunday and free credit-monitoring services to those who’ve been affected by the issue.
On Friday, Target reiterated that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.
There was no indication the three- or four-digit security numbers visible on the back of the card were affected, Target said. It also said Friday there was no indication that the stolen data included a customer’s birth date or social security number. The data breach did not affect online purchases, the company said.
Target also said it didn’t believe that PIN numbers to customers’ debit cards have been compromised.
Target hasn’t disclosed exactly how the breach occurred but said it has fixed the problem.
Target, which has almost 1,800 stores in the U.S. and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15. The company is teaming with a third-party forensics firm to investigate and prevent future problems.
The Associated Press contributed to this report.
CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America. CED Solutions is a Platinum CompTIA Partner and is one of the largest providers of training in North America. The Atlanta facility provides IT training for up to 490 students per day, with three buildings dedicated to training. CED Solutions provides training for up to 10,000 students per year and students take up to 800 certification exams every two weeks.
CED Solutions provides training and certification for Cisco CCNA; Cisco CCNP; Cisco CCNA Security; Cisco CCNP Security; Cisco CCNA Voice; Cisco CCNP Voice; Microsoft MCSA: Windows 2012 Server; MCSA: Windows 2008 Server; MCSA: SQL 2012 Server; MCSE: Business Intelligence SQL 2012 Server; MCSE: Data Platform SQL 2012 Server; MCSE: Desktop Infrastructure Windows 2012 Server; MCSE: Server Infrastructure Windows 2012 Server; MCPD: 6 Cert Visual Studio Developer; MCSD: Windows Store Apps C#; MCSD: Windows Store Apps HTML5; IT Healthcare Technician and many more.