On Thursday, Target confirmed that the financial data of some 40 million customers was compromised. The breach could spell trouble for the company in more ways than one.
According to what the Minneapolis-based company told Business Wire, the infiltration occurred between November 27 and December 15 of this year and has since been resolved. However, the party responsible for the attack is still unknown.
ZDNet is reporting that the breached databases contained the customer names as well as credit and debit card numbers complete with expiration dates and three-digit Credit Verification Value (CVV) codes.
It is not clear at this time whether or how the card information was used.
“We take this matter very seriously,” said Target’s president and CEO Gregg Steinhafel, “ and are working with law enforcement to bring those responsible to justice.”
Now in the dog days of the holiday shopping season, the breach couldn’t have come at a worse time. However as ZDnet reported, lost sales could be the least of the company’s worries. PCI Standards, the industry-mandated rules that govern businesses dealing with credit card transactions, prohibits companies from storing CVV codes.
“Without knowing the exact breach vector it’s hard to say exactly what happened,” Forrester analyst John Kindervag said to ZDNet. “but clearly by exposing CVV information target has demonstrated a blatant disregard for PCI DSS compliance regulations as well as card security best practices.”
Photo by Kevin Dooley/Flickr