Fury and frustration over Target data breach (Update)

Dec 20, 2013 by Anne D'innocenzio
Shoppers arrive at a Target store in Los Angeles on Thursday, Dec. 19, 2013. Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. (AP Photo/Damian Dovarganes)

Potential victims of credit card fraud tied to Target's security breach said they had trouble contacting the discounter through its website and call centers.

Angry Target customers expressed their displeasure in comments on the company's Facebook page. Some even threatened to stop shopping at the store.

Target's CEO Gregg Steinhafel apologized through a statement issued on Friday. The retailer also said it's working hard to resolve the problem and is adding more workers to field calls and help solve website issues. And the discounter began offering 10 percent off for customers who shop in its stores on Saturday and Sunday and free credit-monitoring services to those who've been affected by the issue.

The Minneapolis-based discounter said that while it's only heard of "very few" reports of fraud, it's reaching out to customers who made purchases by swiping their cards when the scam occurred. The company also said it's continuing its investigation into the matter.

"We take this crime seriously," Steinhafel said in the statement.

Target's statements come after the second largest U.S. retailer acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The theft is the second-largest credit card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos. That incident affected at least 45.7 million card users.

Target disclosed the theft a day after reports that the company was investigating a breach. The retailer's data-security troubles and its ensuing public relations nightmare threaten to drive off holiday shoppers during the company's busiest time of year.

On Friday, Target reiterated that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.

There was no indication the three- or four-digit security numbers visible on the back of the card were affected, Target said. It also said Friday there was no indication that the stolen data included a customer's birth date or social security number. The data breach did not affect online purchases, the company said.

Shoppers leave a Target store in North Olmsted, Ohio Thursday, Dec. 19, 2013. Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. (AP Photo/Mark Duncan)

Target also said it didn't believe that PIN numbers to customers' debit cards have been compromised. So that means someone cannot visit an ATM with a fraudulent card and withdraw cash, it said.

Target hasn't disclosed exactly how the breach occurred but said it has fixed the problem.

Given the millions of dollars that companies such as Target spend implementing credit-card security measures each year, Avivah Litan, a security analyst with Gartner Research said she believes the theft may have been an inside job.

"The fact this breach can happen with all of their security in place is really alarming," Litan said.

Other experts theorize that Target's network was hacked and infiltrated from the outside.

Target, which has almost 1,800 stores in the U.S. and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15. The company is teaming with a third-party forensics firm to investigate and prevent future problems.

Data breaches tied to credit card fraud are on the rise, according to Javelin Strategy & Research, a San Francisco-based financial services firm.

According to the firm's report, nearly 16 million consumers were notified that their card information was compromised in 2012, while the number of victims of fraud increased more than three-fold from 2010 to 2012. That resulted in $4.8 billion in fraud losses.

Al Pascual, a senior analyst of security risk and fraud at Javelin, noted that 28 percent of customers who are notified that their cards were breached typically suffer fraud in the same year.

"This is going to spawn credit card fraud," he said.

Target's credit card breach poses a serious problem and threatens to scare away shoppers who worry about the safety of their personal data.

"This is close to the worst time to have it happen," said Jeremy Robinson-Leon, a principal at Group Gordon, a corporate and crisis public relations firm. "If I am a Target customer, I think I would be much more likely to go to a competitor over the next few days, rather than risk the potential to have my information be compromised."

The incident is particularly troublesome for Target because it has used its store-branded credit and debit cards as a marketing tool to attract shoppers with a 5 percent discount.

During an earnings call in November, the company said some 20 percent of store customers as of October have the Target-branded cards. In fact, households that activate a Target-branded card have increased their spending at the store by about 50 percent on average, the company said.

Target shares rose 34 cents to $62.49 on Friday.

Explore further: Target: 40M card accounts may be breached (Update 2)

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

B&N: PIN pad tampering was "sophisticated" crime

Oct 24, 2012

(AP)—Barnes & Noble Inc. said Wednesday the tampering of devices used by customers to swipe credit and debit cards in 63 of its stores was a "sophisticated criminal effort" to steal information, and reiterated it's working ...

Visa, MasterCard scramble after massive data breach

Mar 30, 2012

Credit card giants Visa and MasterCard were scrambling on Friday to thwart cyber crooks who looted a massive trove of precious account data, evidently from a payment processor in New York.

Limo firm hacked; politician, celeb data breached

Nov 04, 2013

An Internet security firm says a limousine software company has been hacked, exposing credit card numbers and potentially embarrassing details about close to 1 million customers, including politicians, star athletes and corporate ...

Data breach put 1.5M numbers at risk

Apr 02, 2012

(AP) -- A company that processes credit card transactions said Monday that as many as 1.5 million card numbers were compromised in a data breach early last month.

Citigroup says 360,000 affected by hackers

Jun 16, 2011

Hackers stole account information of more than 360,000 of Citigroup Inc.'s U.S. credit card customers in a recent data breach, the bank said Wednesday, almost double the number initially thought.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Dec 21, 2013
I'd suggest, among other actions, the credit card issuers proactively replace the cards - ALL the cards that were used in that time period - and recover the cost of doing so from Target.

No excuses. Regardless of how seriously Target was taking security, it wasn't enough. In order to encourage companies to use sufficient resources for security, companies should as much as possible solely bear the cost of security breaches.

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...