Skip to main content

Target: Customer data breach affected up to 40M cards

  • Author:
  • Updated:

Target Corp. is investigating a massive customer data breach that may have affected up to 40 million credit and debit cards of holiday-season shoppers at stores nationwide between Nov. 27 and Dec. 15.

The news was first reported late Wednesday by security columnist Brian Krebs on his website Krebsonsecurity. He said the breach involved magnetic stripe "track data" containing private customer information.

The data allow thieves to create counterfeit cards, and if PIN numbers for debit cards were also intercepted, those phony cards could be used to withdraw cash from ATMs.

Krebs reported the breach extends to nearly all Target locations nationwide. Target has nearly 1,800 U.S. stores.

Krebs advises shoppers to carefully watch their credit card statements for bogus charges. He said they should notify the bank that issued their cards in order to prevent being liable for any fraud.

The Minneapolis-based retailer confirmed the report in a statement, noting, "Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue." Among other actions, "Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident."

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” Gregg Steinhafel, chairman, president and chief executive officer, Target, said in the statement.

The New York Times reports the Secret Service is among the agencies investigating the breach that began two days before Black Friday, the traditional kickoff for the holiday shopping season.

The Times notes that a similar breach of point-of-sale systems affected Barnes & Noble stores last year. Shoppers at 63 Barnes & Noble stores nationwide were affected, the newspaper notes.

American Express and Discover officials said they were "aware" of the incident and had fraud controls in place, CNN reported. A Master Card spokesman told USA Today that a question about the breach "at this point is best directed to Target."

Krebs noted that there are no indications yet that the breach affected customers who shopped at Target's online stores.

Twin Cities retail analyst Jim McComb told the Pioneer Press, "Presuming this is all true, it's probably one of the most serious things you can have happen, because it affects not only your store operations, it affects the lives and financial security of your customers."

McComb added the big worry is about any stolen data, but there's also the hassle of losing access to a credit or debit card during the busiest shopping week of the year.

It remains to be seen if the news will hurt Target sales in the final run-up to Christmas, the Star Tribune notes. The newspaper also notes that the biggest credit card breach at a U.S. retailer is believed to have been in 2007, when the parent company of TJ Maxx and Marshalls reported 45.7 million cards had been stolen by hackers over 18 months.

The Christian Science Monitor has the top 5 worst data breaches in terms of actual cost.

A sampling of reaction from the Twittersphere:

Next Up

Screen Shot 2023-01-30 at 9.31.03 AM

Old Navy closes Eagan store

There's another change in store for the popular Eagan strip mall.


Charges: Man shot victim in leg outside a Cowboy Jack's

Corey Ryman allegedly chased another man around a parking lot before shooting him.

police lights squad car dark - Unsplash

Man shot in both feet after interrupting vehicle break-in in St. Paul

The incident happened just before 10 p.m. Saturday.


Cook County — The cure for cabin fever

Come bask in the quiet of this peaceful winter getaway.

Screen Shot 2023-01-29 at 1.54.31 PM

Missing: Minnesota man last seen in Sioux Falls area

Aaron Pearson, 41, was reported missing on Thursday.

Screen Shot 2023-01-27 at 7.45.44 PM

Protest for Tyre Nichols to be held outside MN Governor’s Mansion

Activists groups say they’ll call on Gov. Tim Walz and the Legislature to implement police reforms.


Minnesota pool contractor banned from industry, must pay $2 million-plus

Minnesota Attorney General Keith Ellison filed suit against Charles Workman and his company, MN Crete Pools, LLC, in August.

Minneapolis police

St. Paul man identified as victim of north Minneapolis homicide

The shooting occurred on the 2200 block of Emerson Avenue North on Wednesday.