National Jeweler Network

Market Developments

40M could be impacted by Target data breach

December 20, 2013

"Retailers ... can better navigate the situation if they have a plan and protocol in place to address a breach if and when it happens."

Minneapolis--It couldn’t have come at a worse time. Target Corp. confirmed Thursday that there was unauthorized access to the credit and debit card data of shoppers who made purchases in its U.S. stores over the past month.

The Minneapolis-based retailer said the breach could affect shoppers who used a credit or debit card for purchases in its stores across the country between Nov. 27 and Dec. 15, a prime period for shopping that includes Black Friday.

Target estimates that nearly 40 million consumers could be involved.

The information involved in the incident includes customer name, credit or debit card number, expiration date and the CVV, the three-digit security code on the back of the card.

Though Target gave no information in the statement issued Thursday about how the data was obtained, The Wall Street Journal reported that the theft may have involved tampering with the machines that shoppers use to swipe their cards when making a purchase, gaining access to the data through the magnetic strip on the back.

Target did not respond to a request for additional information.

The company said in the statment that it alerted authorities and financial institutions immediately after it was made aware of the breach, and that it has resolved the issue. Target also said that it’s working with a third-party forensics firm to conduct an investigation into the issue.

"Any time an organization finds itself a victim of a data breach, it puts its brand and reputation at risk because it can significantly damage consumer trust,” says Daren Orzechowski, a New York-based partner at law firm White & Case who focuses on information technology matters. “For retailers, something like this is terrible, but they can better navigate the situation if they have a plan and protocol in place to address a breach if and when it happens. The last thing a business wants to do is to scramble to first come up with a remedy after the breach has occurred.”

Additional information about the unauthorized access is available on Target’s website.