Amidst the hustle and bustle of the holiday shopping season, hackers silently managed to nab millions of instances of customer card data, the means and extent of which were unknown at the time. Shortly after Christmas, the company stated the hackers also got the encrypted PINs for the cards, a flip over their previous belief that none had been grabbed. Now another update has been pushed out, this one stating that the personal data — separate from the card data — was swiped on up to 70 million shoppers.
Among the personal information the hackers stole were the email addresses, names, and mailing addresses of up to 70 million store guests, details that — on top of the swiped card details — provide a solid foundation for the malicious among us to use someone’s banking information. This information gets shuttled into the underground and/or online markets and becomes a personal liability, putting one’s identity at risk.
This builds on top of the card information the hackers managed to get, which was fairly robust and included not only the card number and name, but also the security code on the back and the expiration date — all the information needed to use the card to make purchases online, for example. As far as the investigation showed, it seems only in-store visits were vulnerable to card theft, so those who exclusively shopped online may be safe.
Said Target’s President and CEO Gregg Steinhafel: “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this. I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”