(USA Today)-- Target warned consumers Thursday to monitor their statements for unauthorized use after a massive data breach involving 40 million credit and debit cards used in its stores from Black Friday through Dec. 15.
The information obtained included customer names, credit or debit card numbers, the cards' expiration dates and the three-digit security code, known as the CVV, on the back of cards, the retailer said.
Security expert: Target customers should cancel cards
Target spokesman Eric Hausman confirmed it has "no indication that debit card PINs were impacted."
Data breaches of this sort appear to be a growing problem among retailers. Along with a well-publicized and highly litigated case in 2006 involving 46 million shoppers at TJX's stores, Michael's, Stop & Shop, Aldi and Subway have been hit with similar breaches in recent years.
"It's pretty significant," says Siobhan MacDermott, chief policy officer at computer security firm AVG Technologies. She says the Target breach is one of the largest in what has become a steady drumbeat of high-profile data thefts over the past decade. As more retailers such as Target rely on data and glean more customer information, they increasingly become the targets of organized crime groups.
Often, digital break-ins are reported belatedly because victims discover them days later. In many cases, the online heists go undetected. Consumers usually are notified through letters from their credit card issuers and banks, MacDermott says.
Increasingly sophisticated fraudsters can replace checkout line credit and debit card readers with ones that wirelessly transmit data to banks but also the criminals. Breaches as large as Target's are more likely to involve network or software breaches, perhaps when an employee of the company or a contractor provides access to the "back door" of the system, says longtime retail crime expert Joe LaRocca, former head of loss prevention for the National Retail Federation.
The access can be done intentionally or unwittingly, LaRocca says.
"In my opinion, someone found a way to manipulate the system to extract the numbers," says LaRocca, founder of RetaiLPartners, a loss prevention consulting company. "When a network intrusion occurs, typically a vulnerability is discovered and may involve some Inside collusion. Someone opened the back door or carelessly left the back door open" by not using proper security practices.
Target said it began investigating the incident as soon as it learned of it but didn't disclose when that was. The problem was first reported on a blog by security expert and former reporter Brian Krebs.
A third-party forensics firm is working with Target to investigate the incident and to determine what else the retailer can do to prevent the problem.
Retailers are struggling to stay ahead of the criminals in this area, experts say.
"The Target situation illustrates the growing problem with identity theft, which is how ordinary folks are often the real targets of hackers who go after these big companies," says Adam Levin, chairman of Identity Theft 911 and Credit.com. "No matter how safe any individual person is with their data, customer databases like Target's represent a nearly irresistible source of people's personal information - and their hard-earned money - to hackers than going after individuals one by one."
How to prevent and detect card fraud:
•Regularly review credit card and bank statements for possible misuse.
•Monitor free credit reports.
•Report suspicious activity to credit card companies or financial institutions immediately.
•Contact the Federal Trade Commission or law enforcement with any reports of identity theft or to learn about steps you can take to protect yourself from identity theft.
•Get credit reports from each nationwide credit reporting agency. You can get one free a year from each of these under law: Experian, TransUnion and Equifax. Request that any fraudulent transactions be deleted.
Consumers concerned about this type of thing happening to them can place a fraud alert on their credit report file to help protect their credit information, says Lisa LaBruno, senior vice president of retail operations for the Retail Industry Leaders Association.
Fraud alerts can make it more difficult for someone to get credit in the consumer's name because it tells creditors to follow certain procedures to protect the consumer. As soon as the credit reporting agency processes a fraud alert, it will notify the other two agencies, which then must also place fraud alerts in the consumer's file. Doing this can delay a consumer's ability to obtain credit.
"This sort of hacking is absolutely on the rise, as the tools are more readily available for even novice hackers to utilize in their efforts to crack open companies' computer systems," Levin says. "With a data breach of this type, the rewards - your money - are so great that it can only continue to increase."
Check out some of our most read stories from 2013:
#shortyellows: Florida quietly shortened yellow lights
Terrorism Warning: Memo says terrorists practicing dry-runs on Florida flights
Kittens shot: Officer shoots kittens in front of children
Courtroom apology: Woman apologizes for flipping off judge
Weird ice: Strange, giant circles appear on frozen pond
Controversial Club: College student organizes "White Student Union"
CFO Trouble: School administrative chief in trouble over her porn sex blog
Warning Shot Wife: Mother gets 20 years for firing warning shots at abusive husband
Science Arrest: Teen girl arrested over science project explosion
Wait, WHAT?? Dog shoots man in the leg with a handgun
Popular photo galleries:
Faces of Meth: Devastating before and after photos of meth abusers
Trayvon Martin Shooting: Trayvon Martin crime scene photos and George Zimmerman injury photos
Hooters Winners: Winners of the 2013 Hooters swimsuit pageant
Rejected: Funny Florida license plates rejected by the DMV***warning graphic***
Deadly sinkhole: Home collapses, man dies in giant sinkhole
Florida Sex Offenders: Look up sex offenders in any Florida neighborhood here
Restaurant Inspections: Look up inspection reports for any Florida restaurant here