The U.S. Secret Service is investigating a reported security breach at Target stores, which might have revealed millions of customers’ credit and debit card data to thieves.
Target spokespeople say the company is also investigating, but as of Wednesday night, the Minneapolis-based retailer had issued no explanation of what happened.
Journalist Brian Krebs, who specializes in computer security, reported Wednesday that several sources say the breach involved nearly all of Target’s stores nationwide. It impacts customers who shopped at Target between Black Friday and Sunday December 15th.
Some Target customers in Fremont say they’re surprised by the news.
“I come at least four to five times and I always buy by American Express, I always use my card,” said Hasiba Marmash of Fremont.
“I’m just kind of shocked that Target would have this,” said Yanan Chen, also of Fremont.
Silicon Valley expert Raj Ramanand is CEO of Signifyd, a tech company that specializes in computer security and helping retailers avoid falling victim to fraudulent transactions.
“I think there’s three, potentially three options of what could have happened,” Ramanand told KTVU.
He says the first possibility is that thieves could have placed skimming devices on credit card readers in Target stores. So called skimmers are intended to capture credit card data with each swipe. The skimmer will either store the stolen data for later retrieval from the device, or send it to the criminals through a network or wireless connection.
Ramanand says a second possibility is more likely, that is, computer hackers succeeded in infiltrating Target’s payment system.
“They’re starting to put Malware on point of sale systems,” Ramanand said.
He says this holiday season one such Malware program called “Dexter” was discovered diverting transaction information to thieves through online networks.
“It was software sitting on the point of sale, and it then it reported back to a central server saying I got the transaction, here’s the credit card number here’s everything else associated with it,” Ramanand told KTVU.
Ramanand says the third possibility is the more conventional case of someone hacking into Target’s central server where credit and debit card data are stored.
Whatever the case, Ramanand says it’s a crime that likely will become more common.
“There are underground economies that really run on this marketplace of stolen credit cards,” he said.
So far, it appears that no online shoppers were affected by the breach.