by: Rick Earle, Target 11 Investigator Updated:
PITTSBURGH - The Target credit card breech impacted millions of people across the United States – all victims of thieves who could strike at any moment.
Target 11 Investigator Rick Earle has been hot on the trail of the stolen data, and he’s discovered the secret websites where some of the data is winding up.
A New Castle based credit union is suing Target for costs related to the data breach. First Choice Federal Credit Union is asking for more than $5 million dollars for costs associated with closing accounts, re-opening new accounts and issuing new credit cards.
The complaint alleges that Target was negligent because it waited three weeks to tell customers about the data breech, and the complaint says account information, passwords and credit card data of more than 110 million customers was impacted.
The US attorney general has also launched a federal investigation into the data breach. So we wanted to know what happened with all of that stolen information.
Earle discovered there are actually underground websites where you can by stolen credit cards. You don’t get the actually card, but you get all of the data form the magnetic strip on the back.
Experts said that info is enough to do some very serious damage.
“I went to use my card at a gas station and it kept declining it,” said Chelsey Barto, of Butler, who then discovered that her account had been drained.
Barto did some digging and uncovered two mysterious charges from out of state on her debit card.
“It was from New Hampshire and I said I'm sitting in Butler, Pa. right now so obviously I wasn't there two hours ago,” said Barto, who believes her card was compromised after she used it at Target on Black Friday. She immediately had her card cancelled and was reissued a new card.
So how did her stolen debit card data wind up in New Hampshire?
“These are different credit cards that have been compromised in various data breaches,” said Tiversa’s cyber security expert Rick Wallace, whose company has been tracking the data breech.
Wallace, whose own credit card was compromised during the Target breech, took me onto the online underground black market where we found hundreds of stolen credit cards offered up for sale.
Prices for the data varied from $2.70 for a visa card out of India to $38 for a card from the state of Washington, to $400 for an American express black card with no limit.
“Here's one out of Hong Kong that has 300,000 cards in it. You can buy that Visa. They're all brand new ready to go,” said Wallace.
Once the data is sold, the thieves either use the information to purchase items online or they make their own cards by transferring the information onto an empty card with a magnetic strip.
Wallace said some customers have seen as much as $30,000 dollars in bogus charges on compromised credit cards. He told Target 11 that the key is to monitor your statement for unauthorized charges and to quickly cancel the card if it’s been compromised.
“The value of those cards goes down. It's diminishing every single day because people are canceling their cards,” said Wallace, who indicated that most thieves use the cards only once or twice and then get rid of it and move onto another card.
Barto immediately canceled her card, but by the time she was reimbursed by her bank two months later, the damage had already been done.
“I was very mad. I needed that money that week I had bills to pay, and day I got my check the whole thing is gone,” said Barto.
Wallace told Target 11 that his company continues to monitor accounts for fraud. He also said it’s difficult for authorities to track down the people buying and selling the data because the majority of activity is overseas.