UPDATED: Target Customers Targeted in Massive Data Breach
If you've shopped at a Target store in the past month, your credit and/or debit card may have been exposed in a massive data breach.
Holiday shoppers beware: Hackers have broken into the databases of retail superstore Target and made off with approximately 40 million credit and debit card accounts used in Target's stores between Nov. 27 and Dec. 15, 2013.
Anyone who has used a credit or debit card at a physical Target location within that time should assume that their accounts have been compromised.
MORE: 13 Security and Privacy Tips for the Truly Paranoid
The breach was first reported by security expert and blogger Brian Krebs on Dec. 18, and later confirmed by Target on Dec. 19. One of Krebs' sources said that: "When all is said and done, this one will put its mark up there with some of the largest retail breaches to date."
Target says the stolen account information consists of the customer's name and credit or debit card number, as well as the card's expiration date and CVV (three-digit security code).
According to Krebs' sources, the stolen account information comes from the so-called "track data" stored on a credit or debit card's magnetic stripe. The CVV stored on a card's magnetic stripe is different than the one printed on the card itself, however. So in this case the thieves wouldn't be able to use a stolen account to make online purchases (which require the printed CVV) but they could use the stolen data to forge new credit cards by encoding the track data on a new magnetic stripe, Krebs speculates.
It's not clear if the breach includes PIN numbers associated with debit cards used at Target, but if so, the thieves could use those as well to make unauthorized cash withdrawals. In October, Adobe admitted that hackers had stolen 150 million account credentials, compromising the emails and passwords of more than 38 million individual users.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
In May, open-source content management system Drupal was hacked, and almost 1 million users' email addresses, passwords and other personal information was stolen.
If you believe you have been affected by Target's data breach, contact your credit card company immediately and check for any unfamiliar expenses. You can also obtain a credit report from a nationwide credit reporting agency such as Equifax, Experian or TransUnion, and ask for a "fraud alert" to be applied to your account. This requires creditors to take extra steps to verify your account, making it more difficult for anyone, including you, to obtain credit.
You can also contact Target directly at 866-852-8680 or see Target's official statement for state-by-state recommendations.
Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.
Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.