Target revealed that data linked to some 40 million credit and debit cards may have been stolen in the crush of holiday shopping that began the day after Thanksgiving.
The breach may have continued until Dec. 15, although the Minneapolis-based retailer rushed to assure customers they could swipe safely now. “Target’s first priority is preserving the trust of our guests and we have moved to swiftly address this issue, so guests can shop with confidence,” CEO Gregg Steinhafel said in a statement today. The U.S. Secret Service said it is investigating the matter.
Janna Herron, a credit card analyst at Bankrate.com, said the timing of the breach wasn’t surprising, but the scale and duration of the theft was notable. “My Facebook is actually lighting up with this,” she said. “Everyone’s asking what to do.”
Her advice: People who shopped at Target in the past few weeks should keep a close eye on their card statements and call credit-rating agencies like Experian to put a fraud alert on their accounts. She also advised that consumers who think their accounts may have been compromised should check their credit reports a few months from now.
For Target, meanwhile, the security slip is likely to trigger a costly wave of lawsuits and IT upgrades.
After thieves swiped card numbers from at least 45 million TJX customers in 2006, the discount retailer said it spent more than $250 million to fix its computer systems, address legal claims and investigate the breach. That figure was akin to about 2 percent of TJX revenue in the year the theft occurred.
TJX eventually agreed to pay as much as $65 million in settlements with MasterCard, Visa and the banks that processed its credit card payments, while striking a separate deal to settle a class-action suit from customers. On the bright side, a rash of previous high-profile heists seems to have inured customers to these situations. In the quarter immediately following its announcement of its security breach, TJX reported a 6 percent increase in sales.