Target says data sold on dark web is ‘outdated,’ likely 'released by third party’
Following the posting of an alleged database of customer information on a hacker forum, Target is denying that the data being sold on the dark web is current and says that the information was not taken directly from its systems.
On Thursday, the hacker posted the trove, which contains names, store addresses, and transaction information, purportedly for more than 800,000 Target customers.
But Target spokesperson Brian Harper-Tibaldo told The Record that the data is “outdated” and “may have been released by a third party.”
“Our cybersecurity team is confident this is not a data breach and has found no malicious access to or compromise of Target’s systems,” he said.
“In addition, the team can confirm that no current or personal guest information was included in the data disclosed by the threat actor.”
The hacker claims in the post that the database includes information on customer purchases from pharmacies and information on RedCards – cards from the retail giant that offer customers discounts and benefits.
According to IntelBroker, TARGET's database of 800K customers was leaked and posted on a hacker forum. They claim that the data contains GST ID, name, address, transactions, and other information. #USA #darkweb #deepweb #databreach #cyberrisk pic.twitter.com/fzLOOLv9EN— FalconFeedsio (@FalconFeedsio) January 27, 2023
The leak caps a busy month for data breaches, affecting companies like DuoLingo, Hilton Hotels, Samsung, PayPal, Nissan and more.
A report from the Identity Theft Resource Center published this week found that 1,802 U.S. companies reported a data compromise in 2022 after 1,862 were reported the year before.
The researchers found that more than 422 million people had their information leaked last year and 1,143 of the breaches involved people’s full Social Security numbers.
Identity Theft Resource Center CEO Eva Velasquez said the figures are only estimates since data breach notices are “increasingly issued with less information.”
“This has resulted in less reliable data that impairs consumers, businesses and government entities from making informed decisions about the risk of a data compromise and the actions to take if impacted by one,” she said.
“People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a ‘scamdemic’ of identity fraud committed with compromised or stolen information.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.