On December 19, 2013, Target disclosed that over 40 million customers who used a credit or debit card at one of its stores from Nov. 27 to Dec. 15 had their payment card numbers stolen in a cyber-attack. Investigators traced payment card numbers to black market sites, and Target received incredible reactions among angry customers who were forced to get new credit and debit cards.
Target’s response? 10% off for 2 days.
Really? First off, I don’t even want to buy anything just a week after Christmas—I’m broke. And second, a measly 10% is a pretty lame reparation for the identity theft of millions of unknowing people.
However, on January 10 the company said that the data breach is actually worse than originally thought; instead, the breach might have affected over 70 million customers, and these customers’ personal information—like names, mailing addresses, telephone numbers and email addresses—was stolen by hackers.
Yes, Target will get hit with great losses. They will have to pay an estimated $50 billion in reparations for what is bought with stolen cards, according to Gartner financial fraud analyst Avivah Litan, in addition to its reputation being tarnished.
But come on, is it too much to ask for that I do my Christmas shopping with the ease of a credit card without getting my identity stolen? I would hope not.
Target has apologized and is taking measures to advance their cyber security system so that something like this will not happen to them again. They apologized to customers with full page newspaper ads and created a partnership with credit-reporting agency Experian to provide all Target customers with a free credit-monitoring program.
However, many retailers have also had recent security breaches similar to Target’s but did not have a major customer backlash as did Target. For example, in 2007, TJX Cos., which owns T.J. Maxx, reported data theft involving almost 90 million credit and debit cards over a span of about one and a half years. After this security breach (which is currently the biggest in U.S. History), companies like Target and Walmart spent a lot of money on improving security.
Another huge security breach happened just about a month ago to luxury retailer Neiman Marcus, which operates 79 retail locations in the U.S. and reported sales of about $1.1 billion in its most recent quarter. Neiman Marcus has not yet released how many customers were affected, how long the breach occurred for, or what information was stolen, but they have confirmed that social security numbers and birth dates were not taken because the retailer does not accept pin numbers.
Target and Neiman Marcus should have caught their security breaches earlier and deserve to receive their consequences; the Target hackers attempted to hack various companies but had the most success with Target—most likely because Target’s security had major flaws.
Nevertheless, the United States as a whole needs to work to improve credit and debit card systems. Contrary to the magnetic strip used on cards in the U.S., Canada and Europe use a digital chip on their cards which generates a new code after every use and makes hacking more difficult. We need to work to improve our payment card systems so that we can limit identity theft as much as we can.