Target Corporation has confirmed a point-of-sale data breach affecting 180 stores across California, Arizona, Nevada, Oregon, and Washington. The company disclosed the incident after payment card networks flagged a pattern of fraudulent transactions linked to cards used at affected locations between March 15 and April 5.
The breach was caused by memory-scraping malware installed on POS terminals through a compromised vendor credential. Target says the malware captured payment card data including card numbers and expiration dates but did not compromise PINs or chip-based transaction data. The company estimates that approximately 850,000 payment cards may have been affected.
Target has removed the malware, reset all vendor credentials, and deployed additional endpoint detection software across its POS network. Affected customers are being offered free credit monitoring services, and the company says it is cooperating with the FBI and payment card networks in their investigations.
