PITTSBURGH (KDKA) — The security breach at Target was massive — $40 million debit and credit card accounts hacked.
“I had heard about it, and I thought naïvely that I wouldn’t be affected,” said Tom Buell, a Target breach victim.
Buell was one of the unlucky ones. His bank called to say his card had been compromised and cancelled.
KDKA’s Susan Koeppen: “How was your data used?”
Buell: “They said that at a 7-Eleven in Florida someone tried to make a $58 purchase and they flagged it because I had just had lunch in Pittsburgh.”
So, how did Buell’s debit card information get from a breach at Target to a crook using it a 7- Eleven? All of that stolen information is now up for sale on the black market.
Nicolas Christin is a cyber-security expert at Carnegie Mellon University.
Koeppen: “How many credit card numbers are for sale right now online?”
Christin: “We are talking dozens of millions at least.”
He showed just one site where stolen credit and debit card numbers are the commodity.
Koeppen: “So all of these cards you are scrolling are issued in Pittsburgh?”
Christin: “In Pittsburgh.”
Koeppen: “And they are all stolen and up for sale?”
Christin: “All stolen and up for sale.”
There were thousands of them – Visa, Mastercard, Amex – from banks like PNC, Huntington and Dollar.
Christin: “This is filling up already six pages.”
Koeppen: “Six pages of credit cards?”
Christin: “Six pages of credit and debit cards just from Pittsburgh.”
Your personal information may be priceless to you — but on this site — your debit card is selling for about $20. It was on a site like this where someone bought Buell’s data.
“It’s mind boggling,” said Buell. “I guess you can buy anything on the Internet now; and credit card numbers are just another commodity.
There’s not much consumers can do to avoid becoming a victim of a breach – anyone who shops with plastic is at risk.
“Long story short. The cash register got broken into,” said Christin. “How can you protect against that as a user? You use cash, that’s all you can do.”