Friday, January 10, 2014

CYBERCRIME - Update, 70 Million Additional Target Customers At Risk by Breach

"Target:  Up to 70 million more customers were hit by December data breach" by Amrita Jayakumar, Washington Post 1/10/2014

Target said Friday that the massive cyber attack it suffered during the height of the holiday shopping season may have affected an additional 70 million customers and swept up far more information than it originally reported.

The giant retailer told customers in December that up to 40 million customers’ credit and debit card information had been stolen.  But now the company says that an additional 70 million customers also may have had their personal information — including names, mailing addresses, e-mail address and phone numbers — stolen.

There could be some overlap between the groups, said Target spokeswoman Molly Snyder, but the total number of shoppers affected by the attack may be more than 100 million.

Friday’s announcement is the result of an ongoing investigation into the security breach, Target said.  The company is working with the Secret Service and the Department of Justice to determine who was behind the attack.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target’s chairman, president and chief executive officer said in a statement.  “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”

Affected customers will be sent an e-mail providing them with general security tips, the retailer said.  No personal information would be requested in the e-mail.  In addition, Target is offering one year of free credit monitoring and identity theft protection to shoppers whose payment data was stolen. Customers are not liable for any fraudulent charges made to their cards as a result of the breach, the company said.

The company has a list of tips for shoppers as well as follow-up measures on its Web site.

Customers should be on the lookout for “consumer scams,” Snyder said.

The attack that was reported in December resulted in the theft of credit card and debit card data from Target customers who had shopped at the store between Nov. 27 and Dec 15.  The 3-digit security code found on the back of payment cards was also taken at the time.

The breach highlighted vulnerabilities in the massive, interconnected shopping systems used for billions of dollars of retail transactions every day.  Customers at Target’s nearly 1,800 stores in the United States were potentially affected, though those who shopped online were not, the company said.

Target’s breach was already one of the largest ever reported, according to security experts, and occurred during the critical holiday shopping season.  Already fearing that budget-strapped consumers would scale back their spending, the company offered 10 percent off all in-store purchases after the attack.

“In light of the recent data breach, our top priority is taking care of our guests and helping them feel confident in shopping at Target,” John Mulligan, Target’s chief financial officer, said in a statement.

Target also cut its fourth-quarter earnings forecast and said it expects sales to decline by 2.5 percent in that quarter.

“While we are disappointed in our 2013 performance, we continue to manage our business with great discipline and leverage our expense optimization efforts to reinvest in multichannel initiatives that generate long-term value for our shareholders,” Mulligan said.

No comments: