Nationwide retail giant Target is investigating a data breach potentially involving millions of customer credit and debit card records, multiple reliable sources tell KrebsOnSecurity. The sources said the breach appears to have begun on or around Black Friday 2013 — by far the busiest shopping day the year.
According to sources at two different top 10 credit card issuers, the breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores.
Both sources said the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week — possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s bricks-and-mortar stores during that timeframe.
Interestingly enough this supposed breach happened at the brick and mortar stores of the chain rather than the online space.
It’s a worst case scenario for a retailer at the worst time of the year.
What does this do the image of a retailer? Do you feel concerned about shopping there? I have to be honest, I have been to Target during that time and it makes me nervous. Reputations are more fragile than ever (check out Andy Beal’s reputation series at the Trackur blog to learn a lot more) and companies need to do everything they can to protect it. We live in the era of big data but what seems to be happening is that is data is leading to big mistakes.
We live in a dangerous age. If you don’t admit it then it will get your business …… sooner or later.