Target confirms breach: 40 million accounts affected

Summary:Customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code) were breached, the retailer said.

Target on Thursday confirmed that its payment card data was compromised in its stores with 40 million accounts affected.

The retailer was confirming a report Wednesday that the breach had occurred. The breach was first reported by Krebs on Security. Customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code) were breached, according to a letter to customers.

According to the company, 40 million credit and debit cards were breached between Nov. 27 and Dec. 15. Target said it alerted law enforcement and financial institutions immediately. The company added that it has "identified and resolved the issue."

Target added that it is working with a third-party forensics firm to investigate the incident.

Security experts raised eyebrows at the fact CVV codes were breached. 

Forrester analyst John Kindervag said:

This is a breach that should've never happened. The fact that three-digit CVV security codes were compromised shows they were being stored. Storing CVV codes has long been banned by the card brands and the PCI SSC. Without knowing the exact breach vector it's hard to say exactly what happened, but clearly by exposing CVV information target has demonstrated a blatant disregard for PCI DSS compliance regulations as well as card security best practices.

It's a brand disaster at the busiest shopping time of the year.


Also see 10 innovation takeaways with Target CIO Beth Jacob

Topics: Security


Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.