The final weekend of Christmas sales is the worst possible time to have a security breach, but that's what happened at Target. Sales are down at least three percent following a security breach in which hackers stole millions of credit cards.
Let's back up a bit and review what happened.
40 Million Credit, Debit Cards Compromised
On December 19, Target disclosed that hackers gained access to as many as 40 million credit and debit cards used by customers of Target during the height of the holiday shopping season, in one of the biggest data breaches in history.
The Washington Post has details in Target says 40 million credit, debit cards may have been compromised
Company officials offered few details on the intrusion, which reportedly began the day before Thanksgiving and lasted until Sunday this week. Security experts said that the kind of information stolen – including names, card numbers, expiration dates and three-digit security codes – could allow criminals to make fraudulent purchases almost anywhere in the world.
The breach highlighted vulnerabilities in the massive, interconnected shopping systems used for billions of dollars of retail transactions every day. Customers at Target’s nearly 1,800 stores in the United States were potentially affected, though those who shopped online were not, the company said.
“Whatever money Target thought they were going to get during the holiday season just got flushed down the data-breach toilet,” said John Kindervag, an analyst and data security expert at Forrester, a research firm. He estimated that Target will have to spend at least $100 million to cover legal costs and to fix whatever went wrong.
Kindervag said the company will owe money to card brands, like Visa and American Express, that have to reimburse customers for fraudulent transactions. Target, based in Minneapolis and one of the nation’s largest retailers, also faces the risk of enduring damage to its reputation, according to analysts and consumer advocates.
The number of serious data breaches appears to be rising. This month, JPMorgan Chase disclosed that 465,000 of its card users’ data had been stolen after an attack on its the Web site for its prepaid card.
Get the Market Movements in Advance: William's Edge Webinar for Wednesday, March 12th, 2014 | John Ransom