Target (NYSE:TGT) announced Thursday morning that it identified and resolved the problem involving stolen data from about 40 million of its customers’ credit and debit cards over a three week period, but the retailer’s problems are far from over. According to American Banker, the thieves are now selling the card account information as fast as they can on underground sites, and for them, time is of the essence, because the U.S. Secret Service is already on the case, financial institutions are already thinking about canceling cards, and some cards are already due to expire. Security blogger and expert Brian Krebs explains, “The guys who stole them can’t offload them fast enough, because 5-10 percent of [the cards] are about to expire. There’s a fire sale going on right now — they lose value for every day they don’t sell them.”
It is still unclear how hackers got the card information, but Target knows that 40 million accounts from shoppers who visited Target between November 27 and December 15 were compromised, and the criminals were able to obtain basic account data listed on the magnetic stripes of the cards, including name, account number, and card expiration data. Krebs first leaked the news of the security breach on Wednesday night, and then Target confirmed the news Thursday morning, leading to a drop of Target shares in pre-market trading.
According to American Banker, Target won’t release information explaining how it was hacked until the retailer is confident the security breach can’t happen again. But unfortunately, considering the attack affected all of Target’s 1,800 stores, that could take a while — and consumers may decide to avoid Target locations until the complications are worked out. Brian Sozzi, CEO of Belus Capital Advisors, explained to Reuters Thursday, “While this search for the truth is happening, the issue damages the trust Target have gained in mobile and calls into question how sales trend in January.”