Over the course of 19 days, beginning on the day before Thanksgiving, hackers obtained personally identifiable information, including credit card numbers and security codes, from 40 million shoppers at some 1,800 Target stores in the United States. It was one of the largest, speediest and most sophisticated retail-data thefts ever.

The largest retail data theft was in 2007 at T.J. Maxx and Marshalls (both are owned by The TJX Companies, Inc.). It involved the theft of data from 90 million credit cards over the course of 18 months. The thieves obtained the data by hacking into the company's back-office computer system. In contrast, investigators believe the Target thieves used a technique called "skimming," which required them to implant a small chip or software application into the credit-and debit-card magnetic stripe readers attached to each store's cash registers. Who implanted the chips or software — and how they did it — are the big questions facing investigators.

Over the weekend, Target offered its customers a 10% discount in its U.S. stores and free credit monitoring to at-risk customers. That was not nearly enough to keep everyone happy. Target customers already have filed nationwide class-action lawsuits against the company.  State attorneys general are investigating Target to determine when Target realized there was a security issue and how quickly it responded. JPMorgan Chase announced that customers who used its debit cards during the breach period would be limited to daily withdrawals of $100 and daily purchases of $300.

The incident highlights the importance of using physical safeguards to protect customers' personally identifiable information against theft.

Topics:  Cyber Attacks, Data Breach, Hackers, JPMorgan Chase, Marshalls, Personally Identifiable Information, T.J. Maxx, Target

Published In: General Business Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© WeComply, a Thomson Reuters business | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »