Target’s Massive Data Breach: 10 Things You Need to Know

By Don Reisinger

Target announced last month that hackers stole approximately 40 million debit and credit cards. The information the hackers collected allowed them full access to card numbers and could potentially open the door for them to make fraudulent purchases.

Speaking of fraudulent charges, Target says that consumers need not worry. On an FAQ page on its site, Target reassured its “guests” that they will not be liable for any fraudulent charges that might arise because of this data breach. It’s not clear whether significant numbers of Target shoppers have been hit with fraudulent charges.

Target, like many companies that have experienced data breaches in the past, will offer its customers free credit monitoring for a year. Target has also promised to pay for a full year of identity theft protection for all affected guests. Target plans to share more details of that offering soon, but its response is the standard in the security space when such a large-scale breach occurs.

It’s shocking just how long the Target data breach went on before the breach was discovered. According to Target, the breach started on Nov. 27 and continued until Dec. 15 before the point of entry was found and blocked. That gave the hackers plenty of time to collect names, card numbers, expiration dates and security codes on the stolen cards.

Reports suggested recently that the underground market for stolen credit card numbers is booming. In fact, a report from security news site KrebsOnSecurity said that cards are being sold for anywhere from $20 to more than $100 each on black market sites. The cards are reportedly being sold in one-million-card batches.

According to Target, up to 40 million credit and debit cards, including full identifying information, was stolen. In addition, up to 70 million customers had their personal information taken, giving hackers another opportunity to generate revenue from the breach. Such sobering data wouldn’t be complete without a dose of reality: Target says that despite the breach, it will still generate a profit of $1.20 to $1.30 in earnings per share for the fourth quarter. What’s more, sales went down after the announcement of the breach, but have “since shown improvement in the last several days,” according to the company.

So far, Target has said that the breach impacted only U.S.-based customers. In fact, the company wrote on its FAQ page that Canadian customers need not worry about being looped into this massive breach. Here’s hoping it stays that way.

There’s an ongoing question surrounding PINs and the Target breach. Target has said that the hackers collected PIN data, but the company claims it’s “strongly encrypted” and is therefore “safe and secure.” Some customers have understandably expressed concern over the PINs, but the company line right now is that they shouldn’t worry.

Target has posted guidelines on its Website for sniffing out possible scams. The company said that its customers should particularly be on the lookout for a wide range of scams, including phishing, smishing (the text-message route for phishing attacks) and social engineering, designed to steal a person’s identity. All Target customers should be on the lookout for anything suspicious.

Why not end on a small dose of good news? According to Target, the hole that allowed hackers to break into the company’s network has been plugged and the company now believes that its systems are secure. Based on how this has gone so far, however, don’t be surprised if Target’s “ongoing investigation” reveals yet more breaches or security leaks.