Weather Authority Alert

UPDATE: Bank, Wis. man file class-action suit vs. Target

UPDATED Saturday, February 15, 2014 --- 7:44 p.m.

MADISON, Wis. (AP) -- A class-action lawsuit against Target Corp. over last year's security breach has been filed by a Wausau bank and a Fitchburg man.

The Wisconsin State Journal reports ( ) that similar lawsuits have been filed in other states, but this is the first of its kind to be filed in Wisconsin.

The lawsuit was filed Thursday in U.S. District Court in Madison. The plaintiffs are seeking restitution for customers and compensation for banks that are re-issuing cards and monitoring bank accounts for fraud.

The breach gave hackers access to information credit and debit cards and personal data for about 70 million customers.

Target did not immediately respond to the newspaper's request for comment.

Copyright 2014: Associated Press
UPDATED Wednesday, January 29, 2014 --- 12:02 p.m.

WASHINGTON (AP) — Attorney General Eric Holder says the Justice Department is committed to tracking down the thieves who stole information from millions of customers of Target Corp.

In an appearance Wednesday before the Senate Judiciary Committee, Holder said that the government also will hunt down any people and groups that exploit the stolen data through credit card fraud.

Hackers stole about 40 million debit and credit card numbers in the pre-Christmas data heist. They also took personal information — including email addresses, phone numbers, names and home addresses — of another 70 million people.

Minneapolis-based Target says it is working with the Secret Service and the Justice Department in response to the data breach.

Copyright 2014 The Associated Press.


UPDATED Thursday, January 16, 2014 --- 5:02 p.m.

NEW YORK (AP) -- The security breach that hit Target Corp. during the crucial holiday season seemed to be part of a broader scam that affected several retailers, according to a report published by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.

The report, released Thursday by iSight Partners of Dallas, offers more insight into the breach at Target, which affected 40 million credit and debit card accounts and stole the personal information of as many as 70 million customers.

The report confirms that a malicious software that infiltrated the point of sale system at the registers was "almost certainly derived" from BlackPOS, a crude but effective software product.

Last week, Neiman Marcus said it was hit by a security breach over the holidays.

Copyright 2014 The Associated Press.


UPDATED Friday, January 10, 2014 --- 3:30 p.m.

NEW YORK (AP) — Target says more people than it first thought were affected by a data breach it revealed last month, and more kinds of personal information have been compromised.

The nation's second-largest discount chain says an investigation has found that hackers stole personal information from as many as 70 million customers.

Last month, the company said the breach affected about 40 million credit and debit cards used in its stores between Nov. 27 and Dec. 15. It now says shoppers who made purchases outside that time frame could have been targeted.

Target originally said thieves obtained customers' names, credit and debit card numbers, expiration dates, PINs and the embedded code on the magnetic strip on the back of cards. It now says information stolen also includes phone numbers, mailing addresses and email addresses.

The company says customers won't be liable for the cost of any fraudulent charges stemming from the breach. And it says it will offer a year of free credit monitoring and identity theft protection to people who shopped at its stores.

Copyright 2014 The Associated Press.

For more from Target, click HERE.


UPDATED Friday, January 10, 2014 --- 9:40 a.m.

NEW YORK (AP) — Target says that personal information — including phone numbers and email and mailing addresses — was stolen from as many as 70 million customers in its pre-Christmas data breach. That was substantially more customers than Target had previously said were affected.

The chain also cut its fourth-quarter adjusted earnings forecast and outlook for a key sales barometer.

Target had announced in December that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15 — just as the holiday shopping season was getting into gear.

The retailer said Friday that the personal information stolen is not a new breach, but was discovered during its ongoing investigation.

Target Corp.'s stock fell in Friday premarket trading.

Copyright 2014 The Associated Press.


UPDATED Friday, December 27, 2013 --- 11:43 a.m.

ATLANTA (AP) -- Target says that customers' encrypted PIN data was removed during the data breach that occurred earlier this month.

The company issued a statement Friday that additional forensic work has shown that encrypted PIN data was removed along with customers' names and card numbers. But Target says it believes the PIN numbers are still safe because the information was strongly encrypted. It says the PIN can only be decrypted when received by its independent payment processor.

A PIN number is the personal identification code used to make secure transactions on a credit or debit card.

Data connected to about 40 million credit and debit cards used at Target were stolen between Nov. 27 and Dec. 15.

Minneapolis-based Target says it is still in the early stages of investigating the breach.

Copyright 2013: Associated Press


UPDATED Friday, December 27, 2013 --- 11:38 a.m.

NEW YORK (AP) -- Target says encrypted debit card PIN data was stolen in the Black Friday weekend security breach.

The company is "confident that PIN numbers are safe and secure" despite the security breach.


UPDATED Thursday, December 19, 2013 --- 10:46 a.m.


Target said Thursday that the credit and debit card information of as many as 40 million customers was compromised over three weeks of the holiday shopping season — one of the largest breaches ever of American consumer data.

The breach, which extended to almost all Target stores in the United States, captured data stored on the magnetic stripes of the cards that customers swipe at the cash register, according to Krebs on Security, a respected data security blog.

Krebs, which broke the story Wednesday, cited sources from two top card companies.

Target said that the information compromised included customer names, card numbers, expiration dates and the short verification codes known as CVVs — everything an attacker would need to create a counterfeit card.

The breach happened from Nov. 27, one day before Thanksgiving, through Dec. 15, a period that includes Black Friday and some of the busiest shopping of the calendar, Target said in a press release.

Target said that it had alerted authorities and banks, and that the issue was “identified and resolved.” Still, it encouraged customers to look over their account statements and obtain credit reports. Target did not say how it might have happened.

“It is very clear it is a sophisticated crime,” Molly Snyder, a spokeswoman for the company, told Reuters.

At up to 40 million customers, the breach ranks among the biggest in U.S. corporate history. In 2007, the data of more than 45 million customers was stolen from stores including T.J. Maxx and Marshalls.

Last year, the Barnes & Noble bookstore chain said that someone had planted software in PIN pad devices at 63 of its stores in nine states to steal the data from magnetic card stripes. The company responded by taking PIN pad devices out of all its stores.

And in 2011, a hack exposed the credit card information of 100 million user accounts on the Sony PlayStation video game network.

Target, with almost $72 billion in U.S. sales last year, is the third-largest store in America, trailing only Walmart and the Kroger grocery store chain. Target has about 1,800 stores in the United States.

Krebs on Security reported that the breach hit only customers who shopped at physical Target stores, not online. The blog cited reliable sources familiar with the matter.

The information from magnetic stripes, known as “track data,” is valuable on the black market. It would allow criminals to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If PIN codes were also intercepted, that would allow criminals to withdraw the cash of unsuspecting customers from ATMs.

Krebs quoted an anti-fraud analyst at one of the 10 biggest bank-card issuers as saying that “we do see customers all over the U.S. that were victimized.”

Target said that its investigation includes working with a third-party forensics firm.

The company said that customers who made purchases at its U.S. stores during the three weeks in question should call them at 866-852-8680, or seek copies of their credit reports from the agencies Equifax, Experian and TransUnion.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” said Gregg Steinhafel, Target’s president and CEO.

“We regret any inconvenience this may cause,” he said. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Data breaches are expensive for retailers. TJX Cos., which operates T.J. Maxx and Marshalls, paid $9.75 million in a settlement with states in June 2009, although the company said at the time that it believed it did not violate any consumer protection or data security laws.

The breach comes as retailers struggle to lure customers, cautious because of flat wages and an uncertain economic recovery, to stores during the holiday shopping season.

Recent surveys have already shown that online shopping could become the top choice for consumers this holiday season. Customers prefer the lower prices and the convenience of shopping at any time from home.


UPDATED Thursday, December 19, 2013 --- 6:30 a.m.

MINNEAPOLIS (AP) -- Target says about 40 million credit and debit card accounts may have been affected by a data breach.

The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15.

The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.

Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.

Target has 1,797 U.S. stores and 124 in Canada.

Copyright 2013: Associated Press


Posted: Wednesday, December 18, 2013 --- 7:50 p.m.

NEW YORK (AP) -- The Secret Service says it is investigating a credit- and debit-card data theft at Target stores.

Secret Service spokesman Brian Leary confirms the agency is investigating, but declined to provide further details.

Minneapolis-based Target Corp. did not respond to requests for comment. A MasterCard representative referred questions to Target.

Target has 1,797 stores in the U.S. and 124 in Canada.

Copyright 2013: Associated Press

Comments are posted from viewers like you and do not always reflect the views of this station.
powered by Disqus
NBC15 615 Forward Drive Madison, Wisconsin 53711 Business: 608-274-1515 Newsroom: 608-274-1500
Copyright © 2002-2014 - Designed by Gray Digital Media - Powered by Clickability 236480251 -
Gray Television, Inc.