Target debacle: Retailer now says 70 million people hit in massive data breach

“The data breach that hit Target Corp. over the holidays was bigger than the company had previously said, affecting more systems and compromising a new set of personal information for 70 million people,” Paul Ziobro and Ben Fox Rubin report for The Wall Street Journal.

“Target said Friday that the new set of stolen information included some mix of names, mailing addresses, phone numbers and email addresses. The information was stored separately from the 40 million credit and debit card accounts that the discount chain had previously said were affected, indicating that a different system had been hacked,” Ziobro and Rubin report. “The retailer said there was some overlap between the two sets of stolen data but didn’t say how extensive it was. The entry point for the attack has been identified and closed, spokeswoman Molly Snyder said.”

“Target said just before Christmas that apparent thieves had broken into its point-of-sale system and stolen credit and debit card data in a hack that went on for two weeks, including the crucial Black Friday weekend after Thanksgiving,” Ziobro and Rubin report. “Target, along with the Secret Service, the U.S. Justice Department, and a forensic unit of Verizon Communications Inc., continue to investigate the breach. A number of states are looking into the breach as well. On Friday, New York Attorney General Eric Schneiderman said the new disclosure was ‘deeply troubling.’ The retailer hasn’t provided any estimate of costs related to the breach, which could include reimbursements to card networks to cover fraud and the cost of issuing new cards, lawsuits and legal costs associated with the various investigations. The costs could significantly hurt the company’s results, Target said.”

Read more in the full article here.

Related articles:
NY Apple thefts eyed in Target’s nationwide credit breach – December 20, 2013
Target hit by massive credit-card breach – December 19, 2013

23 Comments

    1. Just DON’T move to Stupid Card® RF chip technology that doesn’t require authentication. That crap should never have been approved for public use. I’m stuck with one in my NYS driver’s license and have to keep the thing in its very own AFDB, aka metal foil envelope, to stop it from being casually scanned. Ridiculous.

      Apple joyfully has avoided RF chips so far.

  1. I want to know details. How did this happen? What was exploited and how? I rarely shop at Target but just so happened to stop in one during those 2 weeks to buy a USB cable. I haven’t seen any fraudulent activity on my card, but Target owes us a better explanation than they have thus far.

    1. You won’t get one. But what’s happening behind the scenes is more interesting. This is a guess, but I’m Extrapolating from what happened at a company I worked for, several years ago: IT Security at Target had become sloppy, or Management didn’t want to spend the $$$ necessary to make security tight. Now this blows up in their face and everyone’s scrambling. Many sleepless nights for IT personnel. Don’t know if anyone at Target has been fired yet, or walked, over this, [i.e., made a scapegoat] as this is too public, but it’s a possibility. The Credit Card companies are furious over having to cancel accounts, reissue numbers, extra personnel to handle this processing, which cut into Their profits and time. They have issued Target an Ultimatum: you Beef up your security NOW following our Recommended Guidelines, or we revoke your Merchant Privileges (a pretty scary threat). Oh, and $250K+ per month penalty fines until procedures have been completed to our satisfaction. Possibly the penalty fines can be negotiated, or stalled; but the procedures are extensive, and the time, personnel and cost spent by Target to satisfy demands, will likely wipe out Target’s 2013 profits.

      And still not discussed in all this is why we continue to use the magnetic stripe credit cards, which makes this kind of breach desirable. This is obsolete security technology. Maybe this incident, and the size and scope of it, will finally be the catalyst for making the CC companies get off their duff and start changing to smart chip credit cards, or something else.

        1. The actual credit card “brands” VISA and MasterCard don’t take the hit, it is the banks issuing the cards (look on the back) and the processing banks (the ones handling the transaction). They are the ones handing out the fines. And the reason Targets processing bank has not cut them off is they make a fee off every credit card transaction at Target. The fact that email address and other info beyond just credit card data shows this was not just limited to Target’s cash registers. That would come from some internal database where complete credit card #’s should not be stored. It all comes down to dollars, and yes the Target breech has raised awareness at other large retailers. In the end the consumer pays for it all in higher fees and cost of goods.

  2. Just say, everyone who has ever done business with Target has been victimized, but FIX IT.

    Fix IT? Fuck IT and Microsoft and the stupid way they “think” different.

    First it was, Naval ships and guns and missiles and Air Traffic Control,
    now it’s nasal drips and bells and whistles and registers out of control.

    Banking should play a greater role in providing financial security for all of my transactions in the form of oversight through frequent and stringent Quality Control inspections that rate a stores security maintenance, just as the ABCD is used in the restaurant business.

    We should be notified by government report, which stores are susceptible to failure on a scale of this magnitude.

    Apple should open a bank and provide a soup-to-nuts solution for financial banking for the 21ST Century. Cocoa can do for banking, what it’s done for the iTunes Store.

    1. I’d like to think that other people can start their own businesses based on the Apple model.

      I don’t like the idea of Apple getting out of their area of expertise. I watched that lunacy happen at Kodak with their buying with random abandon companies that had nothing to do with imaging. Oops. That went bad. 😯

      1. And I’d like to think business people could start their businesses using Apple Bank loans to build out the infrastructure necessary to support Apple products as a point-of-sale platform, iPhone cash registers, et. al.

        All Apple need do is develop and license an “Apple Inside” program replete with products and services that take advantage of Apple’s iCloud Banking services, which would be a vital segment of the iTunes Store backchannel, using the stringent security measures provided by OS X server.

        Apple’s banking partners would have access to the supply channels and could cross-market Apple’s and their’s products in synergistic fashion.

        Imagine the kind of Christmas Savings Plan Apple Bank might offer? Or how about layaway plans?

        I know Apple should stick with what they do best, but quite frankly they do business very well and business people could learn a lot from Apple retail, which made perfect sense to us, but dumbfounded the rest of the PC-using world.

        Apple stores? No way know how.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.