23 December 2013
Last updated at 11:28 ET
Details from millions of credit and debit cards were stolen from Target shoppers
Debit card limits are being cut for two million Americans following a hack attack on US retailer Target.
Details of more than 40 million cards were stolen by thieves who compromised card swipe systems at Target’s tills.
Bank JP Morgan Chase said it was reducing limits on all cards used at Target while thieves had been scooping up data.
Security researchers said the stolen card numbers had been seen on underground markets.
The thieves managed to grab the key details for so many cards by getting malware onto the computer systems at the checkout desks in almost 1,800 Target stores in the US. It is still not clear how the thieves managed to get their malware onto the systems.
The thieves had access to card data read at the tills for almost three weeks, said Target in a statement released after it realised it had been under attack.
JP Morgan Chase said it had lowered daily spending limits to $300 (£183) and daily cash withdrawal limits to $100 on potentially vulnerable cards as a “precaution”.
Reuters reported that other US banks are also believed to be putting stringent precautions in place that would help to spot if cards were being used fraudulently. In addition, Target said it would offer free credit monitoring for customers affected by fraud.
On 20 December, security researcher Brian Krebs said there was evidence that card numbers stolen in the Target attack had shown up on underground markets where such details are traded.
Writing on his blog, Mr Krebs said security investigators had first confirmed card details had been stolen from Target by buying a “dump” of credit card numbers and matching them to those known to have been used at stores during the breach.
A huge batch of numbers had shown up on one site that traded in good quality dumps, he said, adding that cards from non-US banks used at Target stores were now fetching premium prices.