Skip to main content

Report: Stolen Target credit card numbers hitting black market

  • Author:
  • Updated:

At least some of the credit and debit card numbers that were comprised in a massive holiday shopping-season data breach are already being bought and sold on the black market, according to a security columnist.

“Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card,”, Brian Krebs, a former Washington Post reporter and cybercrime specialist who initially broke the data breach story, wrote in a lengthy update on his blog on Friday.

Krebs has been investigating the shady world of black market online "card shops" where thieves can sell stolen credit card data to other thieves who then create duplicate counterfeit cards.

Krebs writes that he has learned that bank fraud investigators have themselves gone undercover into the card shops and have been buying back stolen card numbers from their own customers. One thing the card numbers have in common: purchases made at Target from Nov. 27 and Dec. 15, Krebs writes.

Target Corp. confirmed the data breach Wednesday night, acknowledging that up to 40 million credit and debit cards of shoppers at stores nationwide were compromised between Nov. 27 and Dec. 15.

Target issued a new statement with updated information Friday. Target says:

– There have been very few reports of actual fraud since the breach.

– There is no indication that the thieves accessed PIN numbers from debit cards, card owner dates of birth, or the three- or four-digit numbers printed on the back of cards typically needed for purchases.

– Target customers will not be held liable for fraudulent purchases made as a result of the breach.

Target customers are trying to figure out what to do next – specifically, wondering whether they should cancel their cards.

Concerned customers overwhelmed Target's call centers, website and social media channels Thursday with inquiries. Many were unable to access Target REDcard accounts online or experienced long wait times over the phone.

The Star Tribune reports that one small institution, First Alliance Credit Union in Rochester, identified 859 of its 12,600 members as having used their cards at Target during the time in question, and now the credit union is seeking to replace all those customer cards, at a cost of roughly $5 a card.

Another Minnesota bank went as far as canceling the debit cards of 180 customers, KARE 11 reports. Wadena State Bank issued new cards to the customers whose records showed they used their cards at Target during the breach period.

Next Up


Charges: Driver had been drinking at party before striking teens, killing one

The victims were walking home from Walmart at the time of the crash, according to court documents.

Screen Shot 2023-01-30 at 4.32.08 PM

State: Beltrami County Jail conditions present imminent risk of 'life-threatening harm'

The state is taking action to force changes at the Beltrami County Jail.


Tributes to 15-year-old girl killed in Burnsville crash

The teenager was a student at Burnsville High School.

police lights

Charges: New Ulm couple abused young children with cruel punishments

Warning: The following contains upsetting details about child abuse.

Screen Shot 2023-01-30 at 1.18.29 PM

Boy reels in 9.5lb walleye, wins pickup truck at Brainerd ice fishing tourney

Contestants come from all over the country compete in the annual event held in Brainerd.


Arrowhead 135 ultramarathon in northern MN kicks off in -25F temperatures

The race is considered one of the 50 most challenging races in the world.