The person, who was not authorized to talk publicly about the
matter, declined to say how the hackers got in or where
investigators believe they are based, saying investigators don't
want to show their hand to the criminals.
Meanwhile the blogger who first broke news of the breach, Brian
Krebs, reported that data stolen from Target had begun flooding
underground markets that sell stolen credit cards.
KrebsOnSecurity.com reported on Friday that cards stolen from Target
were being offered at "card shops" for rates starting at $20 each
and going to more than $100.
Target has said that hackers accessed data on up to 40 million
payment cards over 19 days through Dec 15 in the second-largest
retail breach in U.S. history. It is not known who is behind the
attack or how they accessed Target's network.
A Secret Service spokesman declined to comment on the investigation,
which the agency is running.
The retailer reported the breach on Thursday, a day after Krebs
broke news of the attack. Target has declined to say how its systems
were compromised and has provided few other details about the case.
Target sought to reassure customers that it was safe to shop at its
stores and encouraged them to do so by offering 10 percent discounts
off most merchandise on Saturday and Sunday, the last weekend before
Christmas.
"We're in this together, and in that spirit, we are extending a 10
percent discount — the same amount our team members receive," Chief
Executive Gregg Steinhafel in a statement on Target's website.
Groceries are eligible for the discount, though video games, gift
cards, mobile phones and a few other items are excluded.
Steinhafel said the company would offer free credit monitoring
services and downplayed the impact the breach might have on
customers.
"We want our guests to understand that just because they shopped at
Target during the impacted time frame, it doesn't mean they are
victims of fraud," he said. "In fact, in other similar situations,
there are typically low levels of actual fraud."
[to top of second column] |
He promised that the customers would "not be held financially
responsible for any credit or debit card fraud."
However, Carol Spieckerman, president of retail strategy firm
newmarketbuilders, raised doubts about whether the discounts would
be good enough to win back shoppers. "In the absence of a definitive
status update on the breach, the promotions make it seem as though
Target isn't addressing its customer's concerns," she said.
"Target needs to reassure its customers that the breach is over and
that any transactions that occurred after December 15th are secure,"
Spieckerman said.
Separately, Target spokeswoman Molly Snyder said in a written
statement that "we are hearing very few reports of actual fraud."
She said stolen information was limited to data stored on the
magnetic strip.
The hackers did not obtain PIN numbers used to access ATMs or the
three or four-digit security codes that are printed on cards to
verify online purchases, Snyder said.
She also said Target has provided exposed card numbers to Visa,
MasterCard, Discover and American Express. Those companies are in
turn providing the information to the financial institutions that
issue them. (Reporting by Mark Hosenball, Dhanya Skariachan, Jim
Finkle and Varun Aggarwal; editing by Steve Orlofsky, Bob
Burgdorfer, Andrew Hay and Ken Wills)
[© 2013 Thomson Reuters. All rights
reserved.] Copyright 2013 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|