Scope of Target Data Breach Widens; Neiman Marcus Also Hit (Jan. 13, 2014)
The scope of the data breach Target Corp. initially disclosed last month has expanded from 40 million credit and debit card customers to as many as 70 million more Target customers whose names, mailing addresses, phone numbers or emails may have been exposed, the retailer said on Jan. 10. The second set of data, which Target said it gathered in the normal course of business, was stolen between Nov. 27 and Dec. 15, the same time frame as the initial cyberattack, when thieves installed malware on the company’s POS system, Target said. There may be some overlap between the initial 40 million customers affected and the 70 million customers whose personal information was exposed, according to Target. Target has identified and closed the attackers’ entry point and is cooperating with local law enforcement and the Department of Justice in ongoing investigations.
Upscale department store operator Neiman Marcus on Jan. 10 confirmed to security blogger Brian Krebs that thieves stole some of its customers’ payment card information over the holiday season, providing no further details. Hackers also breached the customer data of a few more unnamed retailers, Reuters reports, though it’s unknown whether the Neiman Marcus and Target breaches are related.
Last week some lawmakers called for an FTC investigation of Target’s security practices. Target confirms on its Website that encrypted payment card PIN data was not affected by the breach. While cardholder verification data stored on cards’ magnetic stripes was exposed, thieves did not get the three- and four-digit CVV2 codes printed on payment cards, Target notes.
On its Website Target is warning customers to beware of scams involving email, phone calls or texts where fraudsters use customers’ personal information to invite victims to share more financial and account data or lure customers to click on sites that install malware on their computers and smartphones. Target for the next three months will offer all interested customers a free year of credit monitoring and identity theft protection.