"Target Admits Massive Credit Card Breach; 40 Million Affected
Shoppers weren’t the only ones rooting through Target stores the week of Thanksgiving. The giant retailer acknowledged this morning that intruders penetrated its systems beginning the day before the holiday, and maintained access for more than two weeks, potentially stealing the credit and debit card details of an estimated 40 million customers.
The breach, which was first reported by security journalist Brian Krebs on Wednesday, continued through December 15 and may have affected all locations nationwide. Customers who shopped through Target’s online storefront are not believed to have been affected.
The thieves breached the point-of-sale system (POS) and stole customer magstripe data, including names, credit or debit card numbers, expiration dates and everything else needed to make counterfeit cards. Target did not indicate if PIN numbers were also taken, which would allow the thieves to use the account data to withdraw cash from ATMs.
It’s unclear how the breach of the point-of-sale system occurred. It’s possible the thieves installed malware on the card readers at stores or breached the transaction network and sniffed data at a point that it was not encrypted."
(continued)
http://www.wired.com/threatlevel/2013/12/target-hack-hits-40-million/