Investigators think that overseas hackers were responsible for the cyberattack on Target stores that compromised up to 40 million payment cards during the first three weeks of the holiday shopping season, a person familiar with the matter said Friday.
The person, who was not authorized to talk publicly about the matter, said government investigators do not think that the hackers had inside help.
Meanwhile, the blogger who first broke news of the breach, Brian Krebs, reported that data stolen from Target have begun flooding underground markets that sell stolen credit cards.
KrebsOnSecurity.com reported Friday that cards stolen from Target were being offered at “card shops” starting at $20 each, up to more than $100.
A Secret Service spokesman declined to comment on the probe, which the agency is running.
Target spokeswoman Molly Snyder released a statement Friday that played down the initial impact from the breach. “To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation,” she said.
She said the stolen information was limited to data stored on the cards’ magnetic strips.
The hackers did not obtain PIN numbers used to access ATMs or the three- or four-digit security codes that are printed on cards to verify online purchases, Snyder said.
She said Target has provided exposed card numbers to Visa, MasterCard, Discover and American Express. Those companies are in turn providing the information to the financial institutions that issue them.
●The Senate cleared the way for Janet Yellen to succeed Ben S. Bernanke as head of the Federal Reserve. Senators voted 59 to 34 Friday to end debate on President Obama’s nomination of Yellen. Approval is expected Jan. 6, the day the Senate returns from winter recess.
●Deutsche Bank said Friday that it will pay $1.9 billion to settle claims that it defrauded Fannie Mae and Freddie Mac in the sale of mortgage-backed securities before the 2008 financial crisis. The deal, negotiated by the Federal Housing Finance Agency, is the second-largest regulatory settlement over claims that banks engaged in fraud in packaging and selling mortgage-backed securities, after a $13 billion deal with JPMorgan Chase.
●Archer Daniels Midland has agreed to pay $36.5 million to the Securities and Exchange Commission to resolve allegations it bribed officials in Ukraine to win tax refunds. ADM paid about
$22 million to Ukrainian government officials to win more than $100 million in tax refunds, in violation of U.S. anti-bribery laws, the SEC said Friday in a complaint filed with the proposed settlement in federal court in Urbana, Ill.
●AT&T said it will publish reports on the number of requests for customer information it receives from law enforcement agencies, the latest move in the telecommunications industry toward fuller disclosure amid debate over government surveillance programs. The announcement Friday by the nation’s largest telecom company came a day after rival Verizon Communications said it will make public the legal demands it has received.
●Mathew Martoma, the latest employee of Steven A. Cohen’s SAC Capital Advisors to face trial on insider-trading charges, lost a bid Friday for a two-week delay of his trial, scheduled to start Jan. 6. Martoma’s attorney, Roberto Braceras, told U.S. District Judge Paul G. Gardephe in New York that the conviction of SAC portfolio manager Michael Steinberg on Wednesday had ignited a new round of media reports that often mentioned Martoma, raising the possibility that jurors could be tainted by the coverage. In rejecting the request, Gardephe said: “The fact of the matter is, there is a piece of news about SAC nearly every day.”
●Bethesda-based Lockheed Martin has won a contract valued at as much as $562 million to provide nine months of support, logistics and modifications for the F-22 stealth fighter jet, the Pentagon announced Friday. The contract, which includes reliability and maintainability upgrades, runs through Sept. 30, it said in a daily digest of major weapons contracts.
— From news services
●Monday: Personal income data for November released.