Late last week, Target confirmed that its security systems had been breached. Hackers gained access to an estimated 40 million debit and credit card accounts of consumers who shopped at any of Target’s retail stores between November 27 and December 15.
Target said it began contacting banks, credit card issuers and the authorities as soon as it became aware of the situation. According to security experts, hackers most likely targeted the retailer’s point-of-sale system.
Just a day after the announcement, counterfeit versions of the stolen cards were found for sale on the black market.
Target, meanwhile, has been contacting all of its customers who shopped in its US stores with a debit or credit card during the affected time period, emphasizing that customers’ birth dates, Social Security numbers and home addresses were not stolen.
Consumers who have tried to get through to Target’s website or call center for more information have been met with disappointment and long waits. Over the weekend, Target offered customers a 10% discount on in-store purchases in an attempt to regain consumer confidence. Customers affected by the breach will also be given free credit monitoring services by the retailer.
Despite the appealing discount, store traffic was down over the weekend, according to the Wall Street Journal.
Data Breach Spurs Lawsuits and Investigations
The fallout of the breach continues this week as the retailer faces lawsuits from angry consumers. Lawsuits were filed in Oregon and California by consumers who allege Target “failed to implement and maintain reasonable security procedures.”
One lawsuit was filed in San Francisco on Thursday by Jennifer Kirk, a customer who hopes the lawsuit will be certified as a class action. Her lawsuit accuses Target Corp of negligence, invasion of privacy and more.
Her lawyer, Robert Ahdoot of Ahdoot and Wolfson in Los Angeles, invites customers affected by the data breach to contact their attorney and discuss options. Ahdoot also said the phone at his law firm has been ringing off the hook since the lawsuit was filed.
A second lawsuit was filed on Friday by Lisa Purcell, a customer in Portland who used her debit card at a Target store on December 9 to buy Christmas presents. She is suing the retail giant for negligence and violating Oregon’s Unlawful Trade Practices Act.
In total, three class action lawsuits have been filed as of Monday seeking more than $5 million in damages. The Attorney General in Massachusetts, South Dakota, New York and Connecticut have also asked Target for information, which may be the first step in a multi-state investigation.
Card Issuers Take Action
JPMorgan Chase and Co. said on Saturday that is is notifying customers who used debit cards at Target during the breach that it will limit use of the cards to $100 a day cash withdrawals and purchases totaling just $300 a day.
“Almost two million Chase debit card accounts will be affected by the limit, which does not apply to credit cards.” says Christine Layton, expert and blogger at Credit Forums.
The bank sent an email notification to customers titled: “Unfortunately, your debit card is at risk by the breach at Target stores.” Chase acknowledged the limit “could not have happened at a more inconvenient time,” but is taking precautions to protect customers.
Chase also opened more than a third of its US branches on Sunday, particularly those near large shopping complexes and those that can instantly issue new debit cards. It said employees at 5,600 branches will help customers get more cash as it reissues affected debit cards over the next few weeks.
Citibank is also planning to impose limits on debit cards for affected customers if it notices suspicious activity.
Banks like Citibank and Chase may hit Target with lawsuits in coming weeks to help pay the expense of cleaning up the mess of the breach. One information security expert called legal action from banks likely. In 2007, a breach of accounts at T.J. Maxx parent company TJX Companies caused a $256 million settlement with credit card companies and banks.
If the breach could have been prevented, Target will also face fines for violations of credit card association rules.
There is still no idea how many customers were actually affected, and there have been very few incidents of actual fraud so far. We do not know if Target was negligent, or whether the hackers at work were just very skillful.
Potential Change in Card Technology
Some experts believe the breach may lead to more hack-resistant smart cards in the near future. In the United States, most debit and credit cards have magnetic strips on the back that are easy to replicate and contain most account information. In the rest of the world, most credit and debit cards use digital chips that create a unique code that’s hard to copy each time the card is used.
The United States is one of the only places that still uses the outdated magnetic strips. The additional encryption on smart cards would have made this theft almost impossible to pull off, and there’s really no excuse for the outdated technology to still be so widespread.
via Business 2 Community http://www.business2community.com/finance/target-hit-major-lawsuits-investigations-data-breach-0724414?utm_source=rss&utm_medium=rss&utm_campaign=target-hit-major-lawsuits-investigations-data-breach
Aucun commentaire:
Enregistrer un commentaire