Brick and Mortar Identity Theft Targets 40 million Accounts

20304381_s Just when you thought that Holiday Identity Theft could only occur online, North American big-box retailer, Target Corporation, announces a massive security breach that could affect up to 40 million American and Canadian consumers.  How did this happen!?

It would seem that a retail economy so focused on ensuring the security of online shopping has left its doors wide open for identity thieves poised to find another means of entry.  Current details on how exactly the thieves hacked their way in is limited, but one can only assume that there was some sort of gaping breach in Target’s internal accounting security.  One further possibility is that the theft was an inside job, years in the making.

Current facts are as follows

The breach affects anyone who swiped their credit card at a Target checkout terminal between November 27th and December 15th.  Strangely enough, the breach does not affect anyone who shopped online at Target’s website.

What the culprits stole away with includes just about everything they’ll need to use any one of the 40 million credit cards: account numbers, customer names, expiration dates, even CVV security codes.  Target states that the breach has since been fixed; but, the necessary data is already in the wrong hands.  For those who have fallen victim to the crime, all that can be done at this point is a vigilant self-monitoring of their own accounts.

A New Target?

In an industry that’s increasingly dominated by online competition, this massive theft represents a major blow to Target Corporation and probably also many other big box retailers that consumers associate with the store.  More than that though, the theft represents a new line of thinking within the identity theft community (that is, if this sort of community even exists ;).

In other words, hackers seem to be taking a throwback approach to identity theft.  Because competition is tight, retailers have been forced to focus most of their efforts — security and otherwise — on their online sales channels.  This shifted focus may indeed be the reason Target’s identity thieves were able to sneak in, simply because no one thought that they would.  This development entails many broad scale implications that security experts the world around will need to take into consideration in the continual process of honing their own approach.

Antivirus security is much more than technical know-how and programming.  It’s also largely an act of social engineering.  Good hackers know how to exploit human behavior, and good computer security experts know how to anticipate this exploitation.  To be able to anticipate, we here at Emsisoft keep a keen eye on emerging trends.  We do this because we know that wherever there are computers, there needs to be computer security, and to provide it comprehensively we need to be able to adapt and evolve.

As for the Target security breach and just how many among the 40 million it will affect, it is still to early to tell.  Our recommendation to anyone who may have shopped at a Target location between Nov. 27th and Dec. 15th would be to keep a keen eye on potentially compromised accounts for at least the next month.  In some cases, it might even be wise to cancel the card and open a new account, which is a relatively painless process with most major providers — much less than being hacked.

In any event, Have a Great (Malware-Free) Holiday Shopping Season, both online and abroad!