Target, Neiman Marcus face data breaches. Now, others?
It鈥檚 shaping up to be a nightmarish holiday shopping season for US retailers. First, Target fell victim to a data breach that compromised between 70 million and 110 million shoppers鈥 financial information (including credit card numbers, PIN numbers, and e-mail and mailing addresses). Last week, high-end department store Neiman Marcus disclosed its own cyberattack, which put the information of up to 40 million shoppers at risk.
More may be on the way. that at least three other well-known US retailers faced data breaches during the holidays, citing information from unnamed sources.
鈥淭he sources said that they involved retailers with outlets in malls, but declined to elaborate. They also said that while they suspect the perpetrators may be the same as those who launched the Target attack, they cannot be sure because they are still trying to find the culprits behind all of the security breaches,鈥 the Reuters report reads. 鈥淟aw enforcement sources have said they suspect the ring leaders are from Eastern Europe, which is where most big cybercrime cases have been hatched over the past decade.鈥
The report didn鈥檛 say whether the Neiman Marcus breach was related to the others.
The Target cyber break-in affected customers who shopped in-store and online between Nov. 27 and Dec. 15, in the thick of the holiday season. Though Target initially said about 40 million shoppers were affected, the retailer revealed last week that the hackers stole between 70 million and 110 million shoppers鈥 credit card numbers, PIN numbers, e-mail and mailing addresses, and phone numbers. Target also came under fire for waiting four days to disclose the breach publicly.聽
Target chairman and CEO Gregg Steinhafel defended that decision in an interview on CNBC Monday, saying that the company "wanted to make sure our stores and our calls centers could be as prepared as possible," and that employees "worked around the clock to try and do the right thing.鈥 He reiterated that because the matter is still under federal investigation, Target 鈥渃an only share so much.鈥
Neiman Marcus鈥檚 investigation is also ongoing. "We informed federal law enforcement agencies and are working actively with the US Secret Service; the payment brands; our merchant processor; a leading investigations, intelligence, and risk management firm; and a leading forensics firm to investigate the situation," the company鈥檚 official statement reads.
Both Target and Neiman Marcus pointed to malware that was installed on 鈥減oint of sale鈥 registers as the problem, which Reuters also cited in the report of other targeted stores. Visa warned of similar attempted attacks on its system early last year, but the latest rounds are much more sophisticated, according to TechCrunch.
The good news? Such attacks are less damaging to consumers than they are to retailers. Yes, there鈥檚 the hassle of canceling credit cards, changing e-mail passwords, and extra-careful monitoring of bank statements. But credit card companies will pay for any fraudulent charges, and then recover the money by charging the retailer. That means Target stands to take a big hit: as much as $50 million, according to CNN Money. The retailer also announced last week it would offer free credit monitoring and identity-theft protection for worried customers.
The biggest risk, experts say, is that potential scammers could have customers鈥 contact information and the knowledge that they shop at Target. But that on its own isn鈥檛 enough for identity theft. "It's bad they got a customer list, but the worst case scenario is a very targeted email phishing campaign," said Adrian Sanabria, a security analyst, told CNN Money. "I don't see any risk of identity theft from having that exposed."
