Table of Contents
MINNEAPOLIS — Target Corp. has suffered a major security breach that may have resulted in a theft of data from as many as 40 million credit and debit card accounts. It was the second-largest data theft from a retailer in the United States.
Target Corp. has suffered a major security breach that may have resulted in a theft of data from as many as 40 million credit and debit card accounts. It was the second-largest data theft from a retailer in the United States.
The cyber attack took place during the height of the holiday season, beginning the day before Thanksgiving and lasting until Target identified and resolved the problem on December 15. The retailer notified authorities and financial institutions immediately after it became aware of the breach, and informed customers via a website alert that customer names, payment card numbers, expiration dates and CVV security codes had been stolen. It also established a special website to communicate with customers.
"Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue so guests can shop with confidence," chairman, president and chief executive officer Gregg Steinhafel said in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
For Target, which has been struggling with slow sales and an unexpectedly weak start to its entry into Canada, the incident was a major blow to its holiday hopes. In the wake of the announcement, consumers began filing lawsuits against the retailer, with the count reaching nearly two dozen by Christmas Eve.
Suits seeking class-action status have been filed in state and federal courts in a number of states, including Minnesota, California and New York. One plaintiff in Minnesota told Bloomberg News that Target did not notify customers about the security breach until after the event was reported in the media. Most of the suits allege that Target either failed to maintain adequate security for the data and/or did not promptly notify customers about the breach.
Target has since agreed to give some customers free credit reporting and stated that customers will not be responsible for fraudulent charges. The chain also offered 10% discounts on the weekend before Christmas to lure wary shoppers back to its stores.
Target is cooperating with the Department of Justice and the Secret Service in an ongoing criminal and forensic investigation. Target is not the object of the investigation, according to the company.
In addition, Target’s general counsel, Timothy Baer, hosted a call for states attorneys general on December 23. Attorneys general from a number of states, including Connecticut, Massachusetts and New York, had asked the company to provide additional information about the incident.
Target has not publicly revealed how extensively its information systems were compromised and has simply described the attack as a sophisticated operation.