Scammers looking to capitalize on massive Target breach

In the wake of the massive Target attack that allowed hackers to claim 40 million credit and debit cards and CVV codes in a few weeks, officials with the retail giant have now confirmed that related phishing communications have begun making the rounds.

It is very common for phishers to concoct schemes to scam people affected by data breaches, particularly because they can capitalize on nerves and paranoia in the midst of a potentially confusing and scary situation.

“We are aware of limited incidents of phishing or scam communications,” according to a post on the Target website. “To help our guests feel confident that what they are hearing from Target is really from us, we are in the process of setting up a dedicated resource on our corporate website where we will post PDFs of all official communications that Target sends to our guests.”

Meanwhile, Target is denying all claims that encrypted personal identification numbers (PINs) were compromised in the attack, despite a Christmas Day Reuters report in which an anonymous “senior payments executive familiar with the situation” indicated otherwise.

“We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised,” Molly Snyder, a Target spokeswoman, told Reuters by email. “And we have not been made aware of any such issue in communications with financial institutions to date. We are very early in an ongoing forensic and criminal investigation.”

Target has yet to reveal exactly how hackers were able to steal the cards, but several experts have suggested that the cyber crooks compromised the retailer's point-of-sale (POS) devices. Cards have already begun turning up for sale in underground online marketplaces.

UPDATE: According to a Friday statement posted on the Target website, further investigations revealed that encrypted PIN data was obtained during the attack. “Target does not have access to nor does it store the encryption key within our system,” according to the release. “The PIN information is encrypted within Target's systems and can only be decrypted when it is received by our external, independent payment processor.”