“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target’s chairman, president and chief executive, said in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Friday’s announcement is the result of an ongoing investigation into the security breach, Target said. The company is working with the Secret Service and the Department of Justice to determine who was behind the attack. Spokesmen at the Secret Service and the Justice Department declined to comment on the investigation.
Target’s problems reflect a crisis in how customer data is protected, analysts said.
“It’s a little frightening. These bad guys are getting into some of the most secure retailers’ networks, and I’m sure it’s not going to stop at Target,” Litan said. “We need a fundamentally different paradigm here for how we manage security.”
But, with few details emerging about how the crime against Target was committed, it’s hard to say what solutions could have prevented this particular breach.
Shoppers whose personal and financial data was stolen — the exact number is unclear — are at higher risk of falling victim to scams or having their information misused. Target said the two types of data are not linked within its system.
But consumer advocates point to the fact that Target is an industry leader at data mining, the practice of analyzing customers’ information to find out more about their preferences and shopping habits.
“That makes this breach all the more frightening,” said Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, an advocacy group. The volume of information Target has on its customers raised the stakes, he said.
Experts said that with names and mailing addresses, thieves can use the credit cards for online purchases that require that information. On top of that, they can try to trick people into providing even more sensitive information, such as Social Security numbers, or hack into their computers.
The company said it doesn’t know how many customers have found fraudulent charges on their credit or debit cards, but individual stories and lawsuits are beginning to crop up across the country.
A California shopper filed a lawsuit against Target last month and hopes to include other shoppers in a class-action case. Last week, a credit union in Alabama also took action against Target, seeking compensation for costs that would arise from issuing customers new cards, as well as any fraudulent charges