According to Javelin Research, one out of three victims of the data breach at Target during the Christmas selling period could be victimized with fraud.

Al Pascual, senior analyst for security risk and fraud, said: “The correlation between a fraud victim and a breach victim gets stronger every year.”

Target had announced that 40 million credit and debit cards may have been stolen by its point-of-sale devices. There is some speculation that it may have been an inside job. The payment card details were unencrypted.

Mark Bower, director of information protection solutions at Voltage Security, said: Either people inside the organization were involved or, “at the very least, (the thieves) had sophisticated knowledge and a clear understanding of the cardholder data flows, in order to pinpoint where to steal this very specific data and then exfiltrate it.”

cash registers often run on Linux or Windows operating systems, just like computers. And often, they are using Windows XP. That is the reasoning behind Microsofts push for people to abandon XP as the OS will become more susceptible to malware in the near future.

What bothers investigators is that most of the systems are on closed circuit networks and not accessible from the Internet.

Avivah Litan, analyst for Gartner, said: ”It’s impossible to plug up all the holes when you’re a retailer.” Either an insider with privileged access to Target’s network was involved, she said, or the thieves obtained the credentials of a privileged user.