Target: 40M accounts may be compromised


December 20, 2013 at 12:00a.m.

Associated Press

Target is grappling with a data security nightmare that threatens to drive off holiday shoppers during the company’s busiest time of year.

The nation’s second-largest discounter said Thursday that data connected to about 40 million credit- and debit-card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The data theft marks the second-largest credit-card breach in the U.S. after retailer TJX Cos. announced in 2007 that at least 45.7 million credit- and debit-card users were exposed to credit-card fraud.

Target’s acknowledgement came a day after news reports surfaced that the discounter was investigating a breach.

The chain said customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed. The stolen data includes customer names, credit- and debit-card numbers, card expiration dates and the three-digit security codes located on the backs of cards.

The data breach did not affect online purchases, the company said.

The stolen information included Target store-brand cards and major card brands such as Visa and MasterCard.

The Minneapolis company, which has 1,797 stores in the U.S. and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach Dec. 15. The company is teaming with a third-party forensics firm to investigate and prevent future breaches.

The breach is the latest in a series of technology crises for Target. The company faced tough criticism in late 2011 after it drummed up hype around its offerings from Italian designer Missoni only to see its website crash. The site was down most of the day the designer’s collection launched. The company angered customers further with numerous online delays for products and even order cancellations.

But the credit-card breach poses an even more serious problem for Target and threatens to scare away shoppers who worry about the safety of their personal data.