Stolen Target Data Reportedly Losing Value
Credit and debit cards stolen during the Target Corporation security breach in December are reportedly losing value rapidly on the black market.
Card information stolen during the breach initially carried high value, primarily because banks hadn’t canceled any cards yet, according to cyber security journalist Brian Krebs, who initially broke the news of the Target breach. Two months after the breach, however, banks have canceled a significant amount of potentially affected cards, forcing the individuals behind the breach to sell cards in mass quantities at low rates, Krebs said.
Krebs added that an underground operation called Rescator recently tried selling 2.8 million cards (stolen during the breach) at a price almost 70 percent less than what cards were selling for around December 19, when Target first acknowledged a security breach. Initially selling for $26.60 to $44.80 per card, stolen cards are now priced at $8 to $28, according to Krebs.
“The reason for the price drop appears to be the falling ‘valid rate’ associated with each batch,” Krebs wrote. Cards that were sold around December 19 were advertised as “100 percent valid,” but now, they carry a “60 percent valid” rate.
Meanwhile, the Pioneer Press reported that the Target data breach has cost the state’s credit unions $750,000 in added expenses. Connie Kuhn, spokeswoman for the Minnesota Credit Union Network, told the St. Paul newspaper that those expenses include the cost of replacing thousands of credit and debit cards, communicating with concerned cardholders, and the expense of monitoring fraud activity.
Kuhn told the Pioneer Press that the state's 134 credit unions issued 27,000 credit cards and 117,000 debit cards that were used at Target stores during the breach, but did not say how many cards have been canceled and replaced.
Target first publicly confirmed the data breach on December 19, and in January, said that up to 70 million customers’ mailing addresses, phone numbers, or email addresses were also accessed.
Krebs also recently reported that the data breach occurred when malware-laced phishing emails infiltrated Target’s computer network.