The Target Data Breach Is Worse Than You Thought

The historically gigantic data robbery from nationwide Target stores nabbed credit and debit card data from approximately 70 million customers, Target announced Friday—a figure almost twice as large as originally reported.

The new number, up from an earlier estimate of 40 million, does not represent an additional data breach but a recalculation based on Target's own internal investigation into the matter, which was first exposed by cybersecurity blogger Brian Krebs last month. The massive data heist included names, mailing addresses, encrypted personal identification numbers, and phone numbers of the customers affected.

"I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target's chairman, in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

Target, in an attempt to lessen an ongoing public-relations nightmare, said it will continue its investigation and promised that "guests will have zero liability for the cost of any fraudulent charges arising from the breach." Additionally, the company has pledged to offer one year of free credit monitoring and identity-theft protection to all customers. Those wishing to enroll in the services have three months to do so.

Earlier this week, Sen. Thomas Carper, D-Del., said he wanted to reintroduce a bill to create a national reporting standard for data breaches like the one that hit Target. It would apply to retailers and financial institutions and require both to notify government and consumers of harmful data breaches.

"Consumers, government agencies, and businesses of all kinds have proven to be extremely vulnerable to fraud and identity theft, and the Target data breach is just the latest example of this serious problem," Carper said in a statement.

The original breach revelation, which occurred during the holiday shopping season, left many wondering whether Target's growth would be hampered. Today's announcement makes it clear that the company has suffered. Its fourth-quarter outlook update notes "meaningfully weaker-than-expected sales since the [data breach] announcement." Target also announced it is closing eight stores around the country.

Shares of Target stock had dropped more than 1 percent Friday morning.
