Target reveals data breach compromised up to 40 million customer payment cards

Retail store chain Target Thursday confirmed it was hit by a massive data breach in which potentially 40 million customer payment cards and related information was stolen by attackers.

The incident first came to light yesterday in a news posting by independent security reporter Brian Krebs based on sources. Today, Target confirmed that it had indeed suffered a data breach, with Target CEO Gregg Steinhafel apologizing in a statement to customers, "We regret any inconvenience this may have caused."

+ Also on NetworkWorld: The Worst Security SNAFUS of 2013 | More on the breach: Target's statement to customers +

According to Target's statement today to customers on its website, customers who made credit or debit card purchases in U.S. stores from Nov. 27 to Dec. 15 may be impacted. "We began investigating the incident as soon as we learned of it," Target's statement says. "We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration data and CW (the three-digit security code)."

The retailer says it's working with a forensics firm to investigate the breach and try to prevent similar incidents in the future.

Target told customers "You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports." Target said any customers with questions should call them at 866-852-8680 or visit the Target website. Target in its statement said it had "moved swiftly to address this issue so guests can shop with confidence."

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Read more about wide area network in Network World's Wide Area Network section.

Tags retailcybercrimelegalindustry verticalsTargetWide Area Network

Show Comments