More bad news from the Target camp Friday morning as the company released a statement saying the hacks against customers' data are even worse than they thought. And it was pretty bad to begin with.
The company has been investigating its cybersecurity after a Black Friday weekend breach left 40 million people with their account numbers stolen. Now the company says the number of affected customers is much higher. (Via WTNH)
Target's somewhat vague statement said it uncovered a breach that could have affected 70 million customers. Many news outlets are reporting this as an updated number of the Black Friday breach. (Via Target, USA Today, The Huffington Post)
Which is unsettling, but not as unsettling as what other publications are reporting. The Wall Street Journal wrote that these two groups — the 40 and 70 million — were separate attacks.
The Journal learned from Target spokesperson Molly Snyder that "it's likely that the two groups overlap, though it's unclear to what extent."
Snyder also spoke with tech news site Re/code, which wrote: "In other words, the total number of Target customers affected could be more than 70 million, though likely less than 110 million. But Target can not [sic] yet assess the total damage as it continues to investigate."
So, yeah, whether it's 70 or 110 million affected customers or somewhere in between, the amount is still staggering. But we're not quite done with the bad news, Target shoppers. The company said it found out it wasn't just account numbers that were hacked.
"Target is also saying it was a lot more data stolen — your name, your phone number, your mailing address and maybe your email address. Those are all really good keys for hackers to use to try to steal your identity." (Via HLN)
In the Black Friday attack, Target's point-of-sale registers were infected with a virus to mine data from cards. Other countries have begun using a chip in credit cards instead of the magnetic strips that card-swiping malware can easily access, but the U.S. is not expected to make the transition for several years. (Via NPR)
Target's statement said much of the data stolen is only partial, but it's still concerning. Dan Kaminsky, co-founder of White Ops cybersecurity firm, told the Chicago Tribune: "Attacks of this scale are common, but attacks that get this class of data are unusual. It's a war out there."
So if this is a cyberwar of sorts, Target has gone on the offensive. The company plans to help protect its affected customers from fraud.
"The company now says it will pay for one year of free credit monitoring and identity theft protection for all guests. Details will be released next week." (Via KARE)
Target will try to contact customers via email if their information was stolen. Target will not ask customers for personal information in these communications. The company's website has more tips and information for customer safety.
