Yet another major cyber attack has resulted in a database of over 40 million credit card numbers being taken by unknown hackers. The victim is the retailer Target and the numbers were lifted between November 27th to December 15th, which include "Black Friday" and "Cyber Monday", two of the biggest shopping days of the year.
Krebs on Security first reported on the theft on Wednesday and the incident was later confirmed by Target. It stated, "We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code)."
The company said Target customers should review their credit card statements closely to see if there is any unusual activity and report any suspicious to their financial institutions. It added that it has contacted law enforcement authorities to investigate this breach and also brought in an unnamed "leading third-party forensics firm" to examine what happened and what steps Target can take to prevent similar incidents in the future. So far, the company has not offered to give customers access to free one year identity theft protection as other corporations have done in the past with similar database attacks.
A recent panel during the HP Discovery event in Paris revealed that the average time for a security breach to be detected after it happens is 243 days, and that the vast majority of them are found by a third party rather than the victim.