Throwback Thursday: Target data breach, one year later

Consumer protection, Technology, Tips & how-to

It’s been a year since Target’s massive data breach. During the prime holiday shopping weeks following Thanksgiving, sensitive information including the credit and debit card data of millions of Target customers was compromised. Since that time, other large data breaches have occurred at JP Morgan Chase, Home Depot and eBay, among other companies, but the Target breach remains one of the largest.

Up to 110 million Target customers affected

Although exact numbers are still unclear, it’s likely that up to 110 million customers who shopped in U.S. Target stores — not online or in Canadian stores — were affected. Information for approximately 40 million credit and debit cards was taken along with expiration dates and card security codes. After initial reports of 40 million affected customers, Target upped the number and said that 70 million shoppers also had personal information like names, addresses and phone numbers stolen. Malware in the store’s security and payment systems and lack of prompt action on Target’s part were to blame.

Target responded to the breach by setting up a customer response operation, assuring customers that they would not have to pay fraudulent charges and offering one free year of credit monitoring to all customers who shopped at U.S. stores. Target also promised to speed up plans for chip-and-PIN store card implementation, a commitment they upheld.

Fallout from Target data breach

The breach was expensive for Target, which reported decreased quarterly earnings and an expense of over $250 million to address the problems. It was also costly in terms of personnel: as a result of the breach, CEO Gregg Steinhafel resigned in May after six years in his executive role and a total of 35 years at Target.

Due to the size of the breach, the government became involved soon after, starting with an investigation conducted by the Department of Justice. Executive Vice President and CFO John Mulligan apologized for the breach while testifying before the Senate Judiciary Committee.

State lawmakers took action, too. Forty-six states and the District of Columbia passed legislation regarding notification of breaches. Now companies and other entities must inform customers or clients when private information has been compromised.

This holiday season, Target is offering free shipping on online orders, presumably to win back customers who were shaken after last year’s breach.

Staying safe this holiday season

Follow some of Target’s own recommendations for protecting your information and avoiding common scams like social engineering, phishing and smishing, and smishing, or scams that operate through bogus text messages.

  • Verify the identity of someone asking for personal information first before revealing anything.
  • Don’t click on links in emails or texts from senders you don’t recognize; the links may lead to malware.
  • Check your monthly statements regularly to spot suspicious charges.

Also consider using newer payment technologies like the chip-and-PIN technology Target is now using, Apple Pay, or a similar program that protects the payment card’s information throughout the transaction.

You should also check your credit report regularly to ensure that nothing unexpected has turned up.

And if all else fails, pay with cash.