Target Breach Could Be Worse, Retailer Warns
Last year's massive security breach which led to the loss of the personal information of over 100 million Americans could possibly be worse, Target cautioned in a statement filed last week.
The cyberattack on Target, which was reported to the public in mid-December, resulted in the loss of 40 million payment records and 70 million other customer records. It is the largest theft of retail data in history, highlighting the growing necessity for increased cybersecurity and cybersecurity protocols.
"Our investigation of the matter is ongoing and it is possible that we will identify additional information that was accessed or stolen, which could materially worsen the losses and reputational damage we have experienced," Target said in its 10-K report filed with the Securities and Exchange Commission Friday.
It's unlikely that any new data loss discovered will match the scale of the December heist, but the message is clear: the case isn't shut. There's still plenty of information to sift through, especially after recent revelations that Target's security team was rather lax in dealing with the breach.
A recent Bloomberg Businessweek article reveals that Target received early warning signs about the breach, but did not act on them. Target security analysts in Bangalore, India noticed suspicious cyberactivity Nov. 30 and Dec. 2 and forwarded their concerns to Target headquarters. Target, however, decided not to act on it.
The consequences, it's obvious now, are dire. The red flags gave Target a prime opportunity to thwart the attacks: the suspicious activity was the stolen data being siphoned out of the Target's systems through various portals worldwide so that it could be stored safely for sale on the black market. The hackers already had what they wanted, and all they were doing was moving the merchandise out.
It's not surprising that shoppers are choosing Target less this year than the last. According to data from consulting group Kantar Retail, 33 percent of U.S. households shopped at Target during January 2014. The figure represents a dip from January 2013, when 43 percent of U.S. households shopped at the nation's No. 3 retailer. The breach has also pushed away fringe shoppers from the retail chain.
Several other major retailers, including Neiman Marcus and Michaels, have also been hit with cybersecurity breaches, prompting the U.S. government to take a stronger stance on the issue. One of the government's major areas of focus is fostering a speedier, more accurate, and more transparent disclosure process in the light of cyberattacks.
"Businesses should be required to provide prompt notice to consumers in the wake of a breach. American consumers should know when they are at risk of identify theft or other harms because of a data security breach," Acting Assistant Attorney General Mythili Raman told the Senate Judiciary Committee hearing last month.
"Never has the need for legislation been greater," Federal Trade Commission Commissioner Edith Ramirez said. "With reports of data breaches on the rise, and with a significant number of Americans suffering from identity theft, Congress needs to act.
The White House released a 39-page plan outlining a Cybersecurity Framework in February.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!