Page 2 of 2 Previous
Target explains the wait
Target has faced intense criticism for the cyberattack and its handling of the matter, and the theft is expected to cost it hundreds of millions of dollars, only some of which will be covered by insurance.
Target has said it first heard about a possible breach from the U.S. Justice Department on Dec. 12 and that it confirmed the attack and eliminated all known malware on Dec. 15. But the company did not publicly disclose the breach until Dec. 19, the morning after a data security blogger revealed it.
The company has said it was moving as quickly as possible to give customers accurate information, while hiring an independent forensics investigator and working with law enforcement.
“As soon as we identified and removed the malware from our system on 12/15, we immediately began the process of notifying the relevant financial institutions,” spokeswoman Molly Snyder said in an e-mail. “Each state has their own notification requirements and we were working around the clock to ensure we could reach the greatest numbers of U.S. guests in a way that would provide them with information, be clear about what happened, provide resources and next steps.”
Snyder said Target knew it needed to prepare for “a massive increase in volume of calls.”
The attack began after thieves stole network credentials from a heating and refrigeration contractor in Pennsylvania and used them to infiltrate Target’s computer networks, inserting malware on the point-of-sale systems at cash registers in more than 1,700 U.S. stores.
Attackers ultimately made off with two sets of data: the payment card information of about 40 million customers and personal information, such as phone numbers and e-mail addresses, of 70 million customers.
Costly to banks, credit unions
Considered one of the country’s largest recorded data breaches, the heist remains the subject of several investigations.
The breach forced banks and credit unions across the country to reissue millions of debit and credit cards, an expensive endeavor estimated to have cost them more than $200 million to date. So far they’ve replaced about half of the 40 million cards affected, the Consumer Bankers Association and the Credit Union National Association said Tuesday.
How much of that effort is being driven by actual fraud on cards, or the desire to be proactive and head off potential fraud, isn’t clear. The full extent of what crooks have done with the information will not be known for some time.
Jennifer Bjorhus • 612-673-4683