Credit Card Breach at a Major U.S. Retailer – Are you one of the 40 Million Targeted?

If you’re one of the 40+ million people who went shopping this holiday season at Target, hackers may have stolen the information that’s carried on the magnetic strip of your credit or debit card attained from a data breach. The breach impacted customers who shopped in their U.S. stores from November 27th to December 15th according to a public statement made on their corporate website.

Now, let’s put this into perspective because 40 million people is a pretty significant number. This is more than the population of California. Imagine swiping everyone’s credit card info from San Diego to Eureka. This is massive.

This data breach also shows the type of hacker we could be facing: someone, or possibly a team of hackers, intelligent enough to launch this during the busiest shopping season. You just don’t decide one day to hack into a large retailer’s system that holds the credit card information of its valued customers. This was definitely a well-planned and well-coordinated system breach.

The giant retailer suggests that you monitor your statements for fraudulent activity and even contact each of the three major credit reporting agencies for copies of your credit report. This may remedy the situation, but unfortunately, it doesn’t eliminate it.
But can this problem even be eliminated? Can we build a better mouse trap?

In Europe and over 130 different countries, “Chip and PIN” security on credit cards is the standard. There is no magnetic strip where information can be “skimmed” as the card has an embedded microchip that requires you to insert it into the merchant’s reader and enter a PIN.

According to Bank of America, this type of card is much harder to copy or counterfeit. Some U.S. banks offer this type of technology, but primarily for customers who travel abroad where the Chip and PIN system is widely used. It hasn’t been implemented here in the States because of cost. It requires an entirely different new card reader, so rolling out Chip and PIN technology would cost over $5 billion dollars, and footing this bill would not be the credit card issuers, but the merchants.

Perhaps this is the new mousetrap that we’ve been waiting for? Unfortunately, due to an existing system that has been in place for years, as well as the exorbitant cost of changing such a system, we’re held back from defeating this type of threat. The fact is – you’ll need a significant credit card theft that will offset the cost of implementing an entirely new system throughout the U.S. for the industry to change.

Information theft is a huge thorn for both credit card companies and banks. It’s also a larger thorn for those who fall victim, as they directly experience loss of money, spend countless hours to constantly monitor credit reports for activity, etc. As other countries have adopted newer technology to combat credit card theft, this by default makes the U.S. the “low hanging fruit” for criminals to focus on.

So, until we can build that better mouse trap, I’m sure we’ll be hearing more about these types of breaches in the future. One can at least hope they’re not one of the 40 million Target customers impacted by this latest breach and will hopefully have a better holiday. Although it is the season of giving, nobody is willing to give away our information to the wrong hands.

David Hobbs

As Director of Security Solutions, David Hobbs is responsible for developing, managing, and increasing the company’s security practice in APAC. Before joining Radware, David was at one of the leading Breach Investigation Firms in the US. David has worked in the Security and Engineering arena for over 20 years and during this time has helped various government agencies and world governments in various cyber security issues across all sectors.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center