I'm thinking it's likely an inside job (i.e., Target or vendor employees) or possibly parking lot broken WiFi password packet sniffing.
Also recall the POS malware incident in late 2013 was due to Target's and vendor's negligence in secrets management. This shows a history.
I seriously doubt it was Apple's doing because of how diligent they tend to be.
He's not going to get anywhere with corporate mutual finger-pointing like kids and missing cookies. If it's not about the money, why doesn't he consult an attorney for advice (rarely expensive) and/or take Target to small claims court?
My assumption is that Apple exposes an API or page that can validate a gift card. If someone physically sees that card at Target and is then able to poll Apple with the number, that could go a long way towards enabling a scam. All the scammer needs is some automated mechanism to test whether a card has been activated.
Could be as simple as a balance checking service that either gives a dollar amount or an error code indicating the card isn't active.
It's probably a lot simpler than this. Scammer shoplifts the inactivated cards, writes down the numbers / pins (or maybe scans them), then brings them back to the store and puts them back on the rack. Then they just wait.
