Target data flood stolen-card market

Investigators think that overseas hackers were responsible for the cyberattack on Target stores that compromised up to 40 million payment cards during the first three weeks of the holiday shopping season, a person familiar with the matter said Friday.

The person, who was not authorized to talk publicly about the matter, said government investigators do not think that the hackers had inside help.

Meanwhile, the blogger who first broke news of the breach, Brian Krebs, reported that data stolen from Target have begun flooding underground markets that sell stolen credit cards. reported Friday that cards stolen from Target were being offered at “card shops” starting at $20 each, up to more than $100.

A Secret Service spokesman declined to comment on the probe, which the agency is running.

Target spokeswoman Molly Snyder released a statement Friday that played down the initial impact from the breach. “To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation,” she said.

She said the stolen information was limited to data stored on the cards’ magnetic strips.

The hackers did not obtain PIN numbers used to access ATMs or the three- or four-digit security codes that are printed on cards to verify online purchases, Snyder said.

She said Target has provided exposed card numbers to Visa, MasterCard, Discover and American Express. Those companies are in turn providing the information to the financial institutions that issue them.

— Reuters

Also in Business

— From news services

Coming Next Week