Target Could Be Liable for $3.6 Billion from Security Breach
This is just the beginning.
Target said on Friday that it is actively partnering with the United States Secret Service and the Department of Justice on the ongoing investigation into the malware that affected Target’s point-of-sale system in U.S. stores. The company can’t say anything further, as the Secret Service wants the details of the forensics and investigation under wraps.
"We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We’re in this together," said CEO Gregg Steinhafel days ago. "We recognize this issue has been confusing and disruptive during an already busy holiday season. We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores."
According to SuperMoney, Target may be facing a fine of $90 for each cardholder’s compromised data, equaling a hefty if not scary $3.6 billion USD liability. That’s in addition to civil litigations, fines from banks and credit card institutions, the cost of re-fortifying its network and related security evaluations, and more.
TechCrunch explains that the $90 fine stems from the PCI Council, which was formed in 2006 by Visa, American Express, JCB, Discover and MasterCard. This group oversees the new Payment Card Industry Data Security Standard, or PCI SDD. This standard defines how organizations manage cardholder information. If retailers are found violating the standard, they’re fined $50 to $90 per cardholder data compromised.
On Thursday Target confirmed that hackers managed to access its computers and stole the credit and debit information of around 40 million customers who shopped at Target, which has nearly 1,800 stores nationwide, between November 27 and December 15. The thieves retrieved customer names, credit card numbers and expiration dates.
As of Friday, two separate class action lawsuits were filed in U.S. District Court in Minnesota, filed on behalf of three Target customers who claim they’re suing for all affected customers. They are accusing the company of negligence, and claim that the company failed to notify customers as soon as it learned of the theft.
"In one of the largest-ever commercial breaches of private information, Target failed to secure the payment information of its customers over the busy holiday shopping season,” reads one of the suits, filed by Minneapolis attorney E. Michelle Drake. "As a consequence of Target's conduct, Plaintiffs and the classes are exposed to fraudulent charges, identity theft, and damage to their credit scores."
If the whole hacking ordeal wasn’t bad enough, KrebsOnSecurity reports that the stolen credit card information is being sold in the underground black markets for between $20 and $200. Even more, one security team was able to purchase a portion of the numbers before Target admitted to the data breach. That seemingly backs up the lawsuit claiming that Target didn’t acknowledge the problem in a timely manner.
That said, the fines Target will likely face with the PCI Council will merely be the proverbial tip of the iceberg.

Funny thing is that I was in a Target during that time to do some holiday shopping, but as their prices were too high, and I couldn't find exactly what I was looking for I happened to go elsewhere. But $15 less and I would be in the thick of this along with 39,999,999 other people.
How is the government to blame?
The BANKS are the ones that have been resisting the switch to more secure chip embedded credit cards. While Target may shoulder some of the blame for this attack (very hard to determine due to lack of details thus far) the banks are the ones that have to this point determined that having easy to clone cards is better than paying for more secure cards.
That's rather like deciding it's time to start locking the vault only after you've been robbed a few times.
complete bull. I know savvy computer users that have done nothing wrong, except clicking around in their browser and finding something wrong, an 'exploit' and getting 10+ year prison sentences.
If you knew anything about what you are talking about, you would know there are already countless unjust and very harsh penalties for finding and REPORTING very simple computer vulnerabilities. 18 months low security my ass. Considering how many talented young people I know in prison for 'hacking', it's no wonder this is going to likely turn up a foreign attack. What about that?
I have, of course, no evidence that Target did not take reasonable precautions. Just saying "if."
On top of that not notifying the people effected in a reasonable amount of time.
Now from what I gather these are just allegations at the moment, but if found to be true it's completely on target in every way.
Though I will agree that only lawyers will be the ones really getting paid while the people actually affected (depending on their bank, with mine I doubt I would have an issue) may have to jump through some hoops to get everything taking care of.
Merchants are the party that are resisting the chip card. I am a manager for a midsized Credit Union and oversee the plastics department. Stock would be more expensive, but financial institutions eat most of the fraud costs these days - the added stock cost would be next to nothing vs fraud expense. So you are both wrong.
And let's all calm down. The market for CC information is much smaller these days. In the past a breach like this would be sold to European criminals, but since most of Europe is on the chip... there will likely be some fraud, but just cause you used your card at Target doesn't mean it will affect you. Plus zero cardholder liability blah blah blah. Media loves this crap.
This BS from lawyers and people down in the states sueing over every damn little thing is ridiculous. All companies will get hacked. WILL! It's not If, it's when. There will always be someone who finds a way to circumvent protections in place. The next thing we hear is that some family in Oklahoma is sueing their kids school because some other kid got better grades than their kid, and it made them feel bad. Give your heads a shake. Common sense is sorely lacking in this greedy capitalist world.