In the wake of the Target security breach this past week, where almost 40 million account numbers and pins were apparently hacked, stolen, and put on the black market, Target has again tried to calm consumers. The data was apparently heavily encrypted, and a spokesperson says that the hackers would not have access to the key as Target does not store that data.
However, despite this revelation banks such as JPMorgan Chase and Santander have lowered the amount of money people can withdraw from their accounts and spend at stores. A security and data expert said that that was a strong measure to take, and seems to indicate that those banks seemed to have found something in their data to show that data breaches were already happening.
Many experts are already saying that encryption keys only buy you time, not entire security. Encryption keys can and are broken all the time.
So what should you do if you shopped at Target between November 27 and December 15?
First, make sure you check your bank account or credit card account (whichever card you may have used) daily for any unusual activity. If you see anything, notify the bank or institution immediately.
Target is sending data breach notification letters to affected consumers, and if you get one you should then call your bank for further instructions.
If you are especially paranoid, you could call and cancel your card now and request a replacement.
I personally did use my Amex card at Target during those dates, but I am keeping a watchful eye on my account rather than cancel my card right away.
For a very in-depth, informational look at how these data breaches take place, who does it, and the seamy underbelly of internet crime forums, take a look at KrebsOnSecurity, a blog that takes a much more interesting look at these stories than your typical AP newswire.
Have you had a problem yet with stolen data? Did you shop at Target during those dates?