Several weeks ago, right at the start of the holiday shopping season, Target Stores revealed that they’d been a victim of a cyber-attack that resulted in the theft of credit and debit card and private information over 110 million shoppers. Originally thought to have affected ‘only’ 40 million people, the numbers of victims has since been revised dramatically upwards as the forensic examination of the cyber-attack dug deeper into the systems at Target. It turns out that the attack probably wasn’t a sophisticated, orchestrated assault by a secretive criminal ring hidden in the bowels of Eastern Europe but instead it may have been the result of an opportunistic hacker and poor security practices by Target. According to the California security firm, IntelCrawler, the designer of the malware that infected Target’s systems was a 17 year old Russian national who lives in St. Petersberg.
In the days since revealing the attack publicly, Target has tried to mitigate the damage done to the credit worthiness of its customers by offering free credit monitoring and identity theft protection for a year to those who suspect they were victimized by the data breach. That hasn’t stopped lawyers in several states from stepping up and filing class-action lawsuits against the store chain, litigation which is bound to be tied up in the court system for years to come, especially now that damage can be proven: just this week, two Mexican nationals trying to cross the border into the U.S. were arrested with 96 cloned credit cards that some authorities suspect came from the information taken from Target. There are also other victims who claim that they are victims of identity theft because of the data stolen from the company.
Although Target’s data theft was very public and affected an unusually large number of people (practically a third of the US!), it’s not the first nor the last time that cyber criminals will successfully steal credit card data. In fact, another store chain, Neiman Marcus, admits that they, too, suffered a data breach but haven’t revealed the number of people affected yet. The credit card industry is now looking at upgrading the security on credit cards, primarily by issuing new cards with an embedded security chip that requires a PIN like countries outside of the U.S. routinely use to thwart this kind of theft. That said, there are a number of steps consumers should be taking to protect themselves, including checking their credit card transactions regularly, using monitoring services to track charges and other activities on their cards and reducing the number of cards they use.
You aren’t going to stop the bad guys from trying to steal your personal information, including credit cards, but at least you can be smarter about protecting yourself.