Target Corporation disclosed today that point-of-sale systems at approximately 200 stores across the Midwest and Southeast were compromised between March 15 and April 8, potentially exposing credit and debit card data for an undetermined number of customers. The company said it discovered the breach through its internal security monitoring and has contained the intrusion.
Preliminary analysis indicates that the attackers deployed memory-scraping malware on POS terminals that captured card data during the payment process. The breach does not appear to have affected online transactions or the Target mobile app. Customers who used chip-and-PIN cards may have reduced exposure due to the encryption of transaction data at the terminal level.
Target said it is working with the Secret Service and a leading forensic investigation firm to determine the full scope of the breach. Affected customers will be notified directly and offered complimentary fraud monitoring services. The company's stock price dropped 4% in early trading following the announcement. Target's previous major data breach in 2013 affected 41 million payment cards and cost the company over $200 million in settlements and remediation.
