Target Admits Data Breach May Have Up To 110 Million Victims 213
Nerval's Lobster writes "Retail giant Target continues to drastically downplay the impact of the massive data breach it suffered during December, even while admitting the number of customers affected is nearly twice as large as it had previously estimated. Target admitted today the massive data breach it suffered during the Christmas shopping season was more than twice as large and far more serious than previously disclosed. A Jan. 10 press release admits the number of customers affected by the second-largest corporate data breach in history had increased from 40 million to 70 million, and that the data stolen included emails, phone numbers, street addresses and other information absent from the stolen transactional data that netted thieves 40 million debit- and credit-card numbers and PINs. 'As part of Target's ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach' according to Target's statement. 'This theft is not a new breach, but was uncovered as part of the ongoing investigation.' The new revelation does represent a new breach, however, or at least the breach of an unrelated system during the period covered during the same attack, according to the few details Target has released. Most analysts and news outlets have blamed the breach on either the security of Target's Windows-based Point-of-Sale systems or the company's failure to fulfill its security obligations under the Payment Card Industry Data Security Standard (PCI DSS)."
That's the whole country (Score:5, Interesting)
According to the Census Bureau [census.gov], there're about 115 million households in the US. Target has basically admitted that the theft amounts to their entire database.
I'd like to think that this would mean the end of the credit reporting rackets; how can anybody even pretend any more that that data is meaningful when this sort of fraud is taking place? But I also wanted to think that the Snowden revelations would have meant the end of the NSA, so clearly I'm not somebody anybody is paying or should pay attention to.
Cheers,
b&
Lots of class actions (Score:1, Interesting)
I'm a plaintiff's attorney and I filed before Christmas. Lots of other firms out there with lots of other cases.
Target should have had at least had one sys admin to see that kind of data bump crossing their network while the breach occurred. They advertise for techs that can use Hadoop. They have to understand something about data and bandwidth with 100 million names in a database.
With that amount of data crossing the servers, shouldn't someone seen something?
There's more. Write me if you want info about mine or other cases. target at paulwhalen dot com
[nothing within this post shall be considered a legal opinion, solicitation or attorney advertising]
They declined me ... (Score:5, Interesting)
[True story!]
Good excuse (Score:5, Interesting)
My wife may finally understand why I want her to stop giving her data to a million different stores in exchange for a 5% discount or 500 bonus miles.
Re:Target needs to be sued (Score:3, Interesting)
In the period of time between Black Friday and Dec. 17, when Target says this all went down, if they were open 12 hours a day, that's one card every 3 seconds.
Oh, wait. that was when they claimed it was 40 million names.
No way this was real time. Target must have been data mining.
Bad Math? (Score:4, Interesting)
Re:Target needs to be sued (Score:5, Interesting)
Am I the only person who doesn't care anymore? (Score:5, Interesting)
Re:Target needs to be sued (Score:5, Interesting)
To me, this is an indicator that they don't care. I mean, that card was their property, and they knew that it was being used illegally, and yet they didn't want to get the police involved. I mean, it's not a shit-ton of money, maybe $400/month, but for 3 months? Of course, this may just be a 'bug' in their system, to do with gas tanks specifically, and maybe now that bug is fixed. But the people that he spoke with on the phone never had a doubt in their minds as to what to tell him. They never had to ask a manager, or anything like that. As though that type of thing happens a lot, and they knew how to 'handle' it.