KrebsonSecurity was the first to report of a massive data breach at Target stores. Details are still emerging, though Target did release a statement on December 19th confirming a breach, saying that 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Indications are that the breach extends to nearly all Target locations and the stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.
Takeaway: While it’s too soon to know if Target violated any consumer protection or data security laws, retailers and consumers should be aware that cybersecurity attacks are increasingly sophisticated. For retailers, having strong security policies and technology in place to discover, contain and resolve issues is critical to protect the organizations and its customers. Consumers should protect themselves by frequently checking credit card statements and/or using a credit monitoring service.