Black Friday shoppers pour into Target in Lake Charles. (Rick Hickman / Special to the American Press)
Last Modified: Monday, December 30, 2013 12:49 PMDuring Target’s data breach earlier this month, information associated with an estimated 40 million credit and debit card numbers used at the retailer was stolen between Nov. 27 and Dec. 15. The massive breach is believed to be the second-largest of its kind in U.S. history. In the early 2000s, T.J. Maxx’s data system was similarly compromised. With nearly 1,800 locations across the U.S. including one in Lake Charles, the data breach might have affected residents all over southwest Louisiana.
The data involved in the incident included the customer’s name, credit or debit number, the card’s expiration date and the security code. Debates still rage over whether PIN numbers, encrypted or unencrypted, were stolen during the breach.
Paul Hartwick, a spokesman for JPMorgan Chase Bank, N.A., was one of the first bank representatives to speak publicly in an interview after the incident. The bank, which does business under the name Chase, is one of the largest credit card issuers in the U.S.
“The best way to figure out whether your account has been breached is keep an eye on your account. Look for transactions you don’t recognize. The good news is that Chase and many other banking institutions will not hold you liable for these charges,” Hartwick said.
Still, personal banking information from millions of Target customers is floating around the internet and finding its way onto underground websites known for selling that type of information. These black market sites are known as “card shops,” stores in cybercrime forums known as places where people can buy credit and debit card information. The sites are often quickly taken down, moved and renamed so the content creators can avoid any type of prosecution.
Two of the remaining functioning sites selling this information, much of it coming as a result of the Target data breach, are kaddafi.hk and octavian.su. Both sites require creating a login and password before being able to access any of the information. As of Saturday afternoon, both of the sites were functioning.
One of the sites, kaddafi.hk, has a reputation for selling quality “dumps,” data stolen from the magnetic strip on the backs of debit and credit cards. Once logged in, the user can search for card information by selecting the bank, searching a portion of the card number or even by the city the information came from. On this particular site, Lake Charles was an option in a drop down menu listing dozens of locations.
Sulphur resident Lane Matte reached out to the American Press after hearing about the websites. Even though he didn’t shop at Target this year, he said he knew family and friends that used the retailer, and he was concerned they may have been victimized. He also said he wanted to spread the information to as many local residents as possible.
“The day I saw the website, there were 10 pages of 50 cards from Lake Charles,” Matte said about one of the now defunct websites. “So there were over 500 cards on there from the area.”
On kaddafi.hk, there were seven pages of 50 cards when selecting Lake Charles as the location Saturday. Since it isn’t possible to find bank information based on the buisness the card was used in, Matte said he was encouraging people to try to creatively match their informtaion.
“I told them that if they see a card that matches their card’s expiration date, search the date the card was stolen and put it in on the site,” Matte said. “They should then check their receipt from the store to see if it matches the date the site says it was stolen.”
For local residents still concerned about the safety of their card information and who have yet to check their accounts, there are several steps that can be taken, beginning with contacting your banking institution. Steps to protect yourself from identity theft can also be found at the Federal Trade Commission’s website, www.consumer.gov/idtheft.
Posted By: That's a smart way of thikinng about it. On: 1/10/2014
That's a smart way of thikinng about it.
Posted By: Julie On: 1/2/2014
Title: WHY AREN'T CONSUMERS BEING CONTACTED??
Target and its affiliate have an ethical obligation to contact each and every one of the estimated 40 million card holders that have been affected by the security breach in their IT system! As stated, they have a date range, customer names, and the names of the banking institution IN ADDITION to the card and security numbers.
SERIOUSLY - these arrogant, lazy idiots are telling the customers that shopped at their store to take on Targets responsibility and keep watch over their accts for fraudulent activity... That just doesn't sit well with me one bit. I have a MS in Information Technology with 20 yrs experience programming. A JUNIOR database administrator or programmer could produce the list of names within an hour.
The breach I can handle. The company shucking its responsibility in addition to the absolute LAZINESS makes me not want to ever spend another dime at Target.