Texas police have a man in custody they believe may have been involved with last year's massive security breach at retail giant Target that exposed the personal data of more than 70 million customers, according to court documents.
Guo Xing Chen, 40, was arrested at Target store in Georgetown, Texas, on December 12, 2013, after allegedly trying to purchase several gift cards with a fraudulent credit card, according to an affidavit cited by USA Today. A lookout alert was issued for Chen a day earlier after he allegedly tried to use several fraudulent cards to purchase thousands of dollars in gift cards and iPads at a Target store in Temple, police said in an affidavit.
"It is also believed Chen is involved in a large scale credit breach believed to be in excess of $70 million according to investigators from the Target Corp.,'' according to the affidavit that did not elaborate on his alleged involvement in the breach. CNET has contacted Target for comment and will update this report when we learn more.
Retail giant Target revealed in December that hackers had obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items in its stores between November 27 and December 15. Originally believing that 40 million accounts had been exposed, the second-largest discount chain in the US later said that as many as 70 million additional customers may have had their personal information stolen in the breach.
Chen was arrested in December after being tracked from the Georgetown Target to a nearby Starbucks coffee shop where police learned he had an outstanding felony warrant out of Arkansas for credit/debit card abuse, according to court documents. During the arrest, the employee of a nearby sandwich shop told police that several credit and debit cards had been found abandoned in the shop's restroom after Chen and another man exited the restroom.
Chen was released on bail five days later, but an administrator at the Williamson County Jail confirmed to CNET that he was in custody Wednesday after being arrested on Monday on charges related to the fraudulent use of credit and debit cards.
Target's breach was second in size only to the 2008 cybersecurity breach at Heartland Payment Systems, which exposed 130 million credit and debit card numbers. Security experts criticized the retailer for the massive breach, saying the malware hackers used to access Target's point-of-sale terminals could have -- and should have -- been detected long before it was.
In addition to raising the scrutiny of companies' cyber-defense, the hack hurt consumer confidence in Target and its profits. The breach also resulted in executive resignations, the latest of which came Monday when Target announced that CEO Gregg Steinhafel had resigned and held himself "personally accountable" for the breach.