Target’s woes worsen as true scope of credit card heist grows

Target Corp. says the number of customers whose credit card and other personal data was stolen now totals as many as 70 million. At least 30 state attorneys general are investigating the breach and the retailer’s handling of the matter.

Rick Wilking/REUTERS
The data breach at Target Corp over the holiday shopping season was far bigger than initially thought, the U.S. retailer said on Friday, as state attorneys general announced a nationwide investigation into the cyber-attack.

Having some 40 million consumer credit and debit card numbers stolen and then resold on the Internet black market stung No. 3 retailer Target just before Christmas, angering many of its customers.

Now that early estimate has begun to seem small potatoes as it becomes clear that the card data heist was far larger, and affected far more people, than first reported

What’s more, the retailer reported Friday that not only credit card numbers were stolen as customers swiped cards during the wall-to-wall Thanksgiving to Christmas shopping season, but that thieves also gained access to “guest” data bases, where the cyber-fraudsters helped themselves to information that’s widely used to steal money from people’s bank and credit accounts.

Target said on Friday that aside from card numbers, expirations dates and the three-digit CVV security codes on 40 million cards, up to 70 million customers in total were affected as the heist also included names, mailing addresses, phone numbers, and email addresses.

Though the burden of reimbursing consumers for false charges on their plastic falls on financial institutions bound by law to redeem any fraudulent charges, shoppers, too, may be facing years of financial mayhem as a result.

Many shoppers were upset that Target seemed to be slow-walking new information, though experts said it’s fairly typical as retailers investigate and understand the true reach of a breach.

“Now we hear our names and email addresses too!!” writes shopper David Lungarini on Target’s Facebook page on Saturday. “I will never shop at Target again.”

On Friday, Target offered all its customers one year of free credit monitoring and identity theft protection to “ALL guests,” as it wrote on Facebook.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, Target’s CEO.

Ibby Biby, a French teacher, wasn’t alone in responding with emotion, “You RUINED my holiday,” she wrote on Target’s Facebook page, explaining how the breach led to her bank shutting down her card on the one day she had to shop for gifts for her family.

Nathaniel Couper-Noles, principal security consultant at security and risk management company Neohapsis, told Fox Business News that the breach reinforces the necessity for large retail corporations to invest not only in the latest Internet security safeguards, but also to focus on contingency planning.

On Friday, retailer Neiman-Marcus also revealed that some of its shoppers may have had their cards stolen in the Christmas run-up, though the luxury retailer didn’t give a number of affected shoppers.

Given the new numbers, the Target breach could now become the largest ever against a US retailer as the 1,797-store chain struggles to regain its footing amid a torrent of bad news. At least 30 state attorneys general have launched investigations into the breach and the retailer’s handling of the matter.

On Friday, the company also admitted the credit card heist and its backlash is beginning to have repercussions on the company’s bottom line, predicting “meaningfully weaker-than-expected sales since the announcement” of the breach. Sales could decline by 6 percent by the end of the first quarter of 2014, the company warned stockholders. 

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.