In addition to thieves swiping the credit and debit card information from 40 million customers, the Minneapolis-based retailer disclosed Friday that the same criminals acquired names, addresses, and phone numbers from up to 70 million additional accounts.
The loss of such personal information significantly strengthens the legal cases of banks, credit unions and individuals looking to sue Target for fraud, negligence and invasion of privacy, some legal analysts say. Unlike credit and debit cards, which banks can quickly cancel or replace, most consumers are not about to change their names or where they live.
“It adds a lot more firepower [to lawsuits],” said Jack Tomarchio, an attorney who specializes in cybersecurity and data protection for the Buchanan Ingersoll and Rooney law firm in Philadelphia.
Normally, a plaintiff would need to prove specific damage from a data breach. “But the more personal information thieves stole, just the invasion of privacy claim alone could be enough [to prevail],” Tomarchio said.
Target spokeswoman Molly Snyder said the company does not comment on future or pending litigation. The company has said customers would have “zero liability” for any damage they suffer due to the theft of its data. It has offered to provide free credit monitoring and identity theft protection for customers for a year, and will announce details of that program soon.
Target, the nation’s second-largest retailer with more than 1,900 stores and 360,000 employees, already faces at least 10 lawsuits seeking class-action status, Tomarchio said — a number that many legal analysts expect to climb.
The most significant question shadowing Target’s legal exposure is how many customers had both their credit card information and personal information stolen, a possibility the company has acknowledged.
“There could be some overlap,” Snyde Taken together, the data breach allows thieves not only to use the credit card information to make purchases, but to steal identities by creating false driver’s licenses and other forms of identification. Such a scenario could lead to more-extensive fraud and greater legal exposure for Target, Tomarchio said.
For now, legal analysts say it’s difficult to assess the extent of Target’s liability given the still-evolving circumstances. But Eric Mazur, managing director at Huron Consulting Group, says it would cost banks at least $100 per card to cancel accounts and reissue cards because of the data breach.
Combined with consumer claims, “the cost to Target could be astronomical,” said Mazur, whose specialties include computer forensics.
T.J. Maxx paid $168 million
In 2007, thieves stole consumer information from an estimated 100 million cards used at T.J. Maxx. The retailer ultimately paid out a total of $168 million in settlements, legal and regulatory costs. The breach at Target appears to be deeper and more damaging, some analysts say.
Normally, large corporations carry a general liability insurance policy to cover these types of bills. In Target’s case, the company is self-insured, meaning the retailer sets aside a certain amount of money each year for potential losses.
Target put a total of $1.2 billion in fiscal years 2012 and 2011 into reserves to cover general liabilities and workers’ compensation, according to documents filed with the Securities and Exchange Commission.
“We believe that the amounts accrued are appropriate,” the filing said. “However, our liabilities could be significantly affected if future occurrences or loss developments differ from our assumptions.”
For example, a 5 percent increase or decrease in average claim costs could have altered Target’s self-insurance expenses by $31 million in fiscal 2012.
The company noted that insurance claims rarely are material to its financial statements. But Target has never experienced a data theft of this magnitude before — it is at least the second-largest known breach in U.S. retail history.
A key part of Target’s legal defense will be whether the company can argue that it took “reasonable” steps to safeguard the data, such as employing a third party to ensure that its systems met industry standards, Tomarchio said.
Much of that depends on the outcome of Target’s forensic investigation into how the thieves stole the information in the first place. Normally, companies are not supposed to store financial information (credit cards, PIN numbers) and personal information (names, addresses, phone numbers) in the same place, Mazur said.
“That’s what puzzles me,” Mazur said. “I’m not quite sure how the thefts of both sets of information happened.”
In any case, Target should resolve these lawsuits as soon as it can, said Randy Maniloff, an insurance attorney with the White and Williams law firm in Philadelphia. Otherwise, the threat of legal liability will linger over shareholders for years, he said.
“You don’t want unquantifiable uncertainty on your books.” Mazur said Friday.
Target disclosed on Friday that a mass information breach involved data belonging to up to 110 million individuals—a number far more extensive than originally believed.
The big box retailer said that a probe into the hacking of customers’ personal data found that stolen information—separate from payment information already reported—included names, mailing addresses, phone numbers or email addresses for tens of millions. The new figure was significantly higher than the 40 million the company initially reported.
Although Target previously stated the breach wouldn’t compromise card holders’ accounts, the dramatic rise in the number of people affected called that assumption into question.
Dow Jones reported Friday that Target shoppers’ information was stored separately from the 40 million credit and debit card accounts that the discount chain had said were affected back in December, when the breach was initially reported. Friday’s disclosure indicated that a different system had been hacked.
The third largest U.S. retailer said there was some overlap between the two sets of stolen data but didn’t say how extensive it was. The entry point for the attack has been identified and closed, spokeswoman Molly Snyder said. State attorneys general from around the country are banding together to probe the Target data breach, New York Attorney General Eric Schneiderman said on Friday.
Jaclyn Falkowski, a spokeswoman for the Connecticut Attorney General, said separately that Connecticut is joining with New York and other states in the probe. A Target official could not immediately be reached for comment on the state attorney investigations.
Given the vast amount of personal data at stake, Target’s announcement gave the issue a new sense of urgenty. Experts say thieves may find a way to manipulate sensitive data to withdraw money from card holder accounts, or make other unauthorized transactions. In the wake of the mass theft, the retailer vigorously disputed reports that personal identification numbers (PINs) had been compromised.
“The unfortunate part about this, the part we can’t escape, is that once the information is gone, it’s gone,” Paul Viollis, CEO of Risk Control Strategies, told CNBC in an interview. “The consumer is going to have to monitor on a monthly basis not only their credit card statement, but from their credit bureau as well.”
Regardless of that vigilance, the compromised data “is going to lead the criminal to where the people live, how many homes they have, where they travel to, what they buy, and that whole pattern of whether that person is affluent or not,” Viollis added.
Target has struggled to manage the fallout of the stolen data, which was hacked from the company’s cash registers between late November and early December. The snafu impacted the ability of millions of Americans to withdraw money and make purchases on their bank and credit cards ahead of the critical holiday shopping season.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, Target’s president and CEO, in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
The company said that is clients would have “zero liability” for costs incurred by fraudulent charges. Additionally, it promised to provide a year of free credit monitoring and identity theft protection to all consumers who shopped at Target locations.
Ian Gordon, equity research analyst at S&P Capital IQ believes the security breach won’t deter shoppers from making future purchases from the retailer although he predicts there will be repercussions.
“I think consumers will come around and we expect there to be some impact probably next year, but over time we think it will work out,” Gordon said on CNBC’s Power Lunch. “The shares are fairly reasonably valued, we see earnings growth pretty strong over the next couple years.”
“The question is going to be, what are the costs to Target in terms of legal and settlements and penalties,” he added.
But not everyone agrees the retailer might be resilient to all the recent bad news.
“Unfortunately Target has released a lot of bad news over the past 12 months including much weaker-than-expected results in Canada, negative traffic in the U.S., and so I think investors have been looking at this stock and saying, ‘how much worse can it get?’ ” said Faye Landes, Cowen & Co.’s managing director on CNBC’s Street Signs.
On CNBC’s Squawk on the Street, Risk Control Strategies CEO Paul Vollis said, “The information that’s available whether or not someone is actually going to know it was stolen, is slim to none.”
Vollis adds he believes Target is being responsible to its consumers and are being transparent with the public. “The unfortunate part about this is that once the information is gone, it’s gone. The consumer is going to have to monitor not only their credit card statement, but from their credit bureau as well.”
sales in the wake of the data breach, Target also cut its fourth-quarter adjusted earnings per share (EPS) forecast for its U.S. operations to $1.20 to $1.30, from $1.50 to $1.60.
Target’s stock, traded on the New York Stock Exchange, fell 1.1 percent in afternoon trading.
By: Javier E. David and Izzy Best, CNBC.com , Reuters and Dow Jones contributed to this article.
More people murdered in Nyanga (Western Cape) than anywhere else in the country.
Over One hundred and Sixty OneThousand people murdered in South Africa since 2004
47% of all drug related crime in the country occur in the Western Cape.
5900 crimes are reported by the SAPS everyday day!
Over 43 people murdered on average everyday in South Africa.
The world average for murder is 7.6 per 100 000 people. Murder in South Africa is 36.5 per 100 000.
Honduras stats show that 60.9 people are murdered per 100 000. Thats nearly twice as many as South Africa!!
“Crime expands according to our willingness to put up with it.”
– Farber, Barry J.
“I learned that courage was not the absence of fear, but the triumph over it. The brave man is not he who does not feel afraid, but he who conquers that fear.” – Nelson Mandela
It`s been estimated that SA has lost R650-billion to corruption over the last 18 years.
More than 2 million crimes were reported by the SAPS for the twelve months between 2010/2012.
Nearly 16000 people were murdered in SA in the twelve months between 2011/2012.
KZN is the highest murder province in South Africa. Then the Eastern Cape followed by Gauteng .
Over 400 drug related crimes reported daily.
Mitchells Plain in the Western Cape reports the more crime than any other precinct in the country.
There are 29 different crime categories used by the SAPS for reporting crime stats.
There are about 1118 precincts (police stations) in South Africa.
Johannesburg – Businesses need to focus on the threat posed by cyber crime, a law firm said on recently.
“If I was speaking to you two years ago, the bulk of my practice was procurement fraud, and things like business hijackings, financial statement fraud and the like,” Dave Loxton, the head of business crime and forensics at Werksmans, told reporters in Johannesburg.
“In the last two years, my whole practice has shifted across to cyber crime.”
Cyber crime is any crime involving a computer or the internet.
Authorities in countries such as the US, the UK and Europe had indicated to Loxton that within the next three years the proceeds of cyber crime would surpass those of all other forms of white collar crime combined.
“That is the way it is going,” he said.
A case Loxton had worked on involved a major South African company with a presence in Africa, Europe, and the US.
“They had their server hacked by a syndicate and the syndicate sat on their server for four years before they were aware,” he said.
“In that four years, the syndicate intercepted every single board pack (board reports), every single confidential piece of information between the MD and his co-directors, plus they sold product which is stored in the warehouse.”
The security breach was discovered only after an employee noticed that his laptop was acting strangely, which led to an investigation that uncovered the breach.
“It was an international syndicate involving Russians, Bulgarians, Latvians, Nigerians, and South Africans,” Loxton said.
“It involved money laundering, it involved human trafficking… it was a very slick operation.”
The South African member of the syndicate, who was located near the corporation’s offices, was being paid in drugs, not money, as he was a drug addict.
It was rare that cyber criminals were individuals, but rather syndicates operating almost like businesses. Cyber crime was linked to other illegal activities such as drug running and human trafficking.
“You can imagine the enormous negative impact on the client,” he said.
“At this stage, the investigation is still ongoing. We don’t know if there has been sale of intellectual property. We don’t know if there has been sale of trade secrets.”
The corporation concerned was concerned about leaks to the media, as the potential for reputational damage was huge.
“Business should be focusing a lot more on cyber crime.”
Loxton said the public needed to be aware of what information they shared on social networking platforms, such as Facebook, as this could be used by cyber criminals.
He mentioned an instance where a cyber crime consultant showed him, through using a random person’s phone number available on Facebook, how it was possible to hack a person’s smartphone.
Through that number, the consultant was able to trace the exact location of the number’s owner to a department store in Singapore, in real time.
“I’ve heard experts say its easy to hack a person. It’s not easy to hack a computer… the compromise is through people, not systems.”
Cyber crime cost South Africa around R1 billion annually, with the FBI in the US placing South Africa as the country with the sixth-highest rate of cyber crime.
Informal consensus within the private sector ranked South Africa third, behind Russia and China.
South Africa had proved to be a particularly fertile ground for cyber crime because of its “lawless society”.
Cyber crime syndicates knew law enforcement was “paper-thin”, and that there was a low chance of their being arrested and successfully convicted, said Loxton.
“We are generally dealing with highly intelligent, sophisticated people… It is a national crisis,” Loxton said.
“The syndicates find it quite easy to operate in South Africa due to a lack of resources.”
The Norton security firm stated that about US110 billion (about R1 trillion) was lost worldwide to cyber crime.
Loxton said South Africa’s banking sector was “superb”, as the major banks had strong internal forensic services. The problem lay with the customers.
“I think our banks are superb. They can’t answer to their customers who are stupid, to be blunt,” Loxton said.
“The advice is there…. They can’t protect customers from themselves.
“You can’t protect people from their own greed and foolishness.” – Sapa
October 23 2013 at 06:20pm
Deon Terblanche of Mikro Stationery has reported that the cc has become insolvent. Their Telkom land line is now out of service. Should any business need assistance with legalities, please contact Philip Smit on 011 6466120.
“Customers expect more and more value-added services from retailers,” he says. “But adding a new terminal or hardware peripheral device for each service creates challenges. If you have a credit card terminal, and maybe a second one from another bank, and need to add yet another to support gift cards and loyalty, the till environment can get unacceptably cluttered.”
Wasted cashier time and longer queues are just the start of the challenges, says Steyn. “Having multiple standalone terminals at your till puts you at much greater risk of mistakes and fraud. For example, when your card payment terminal isn’t integrated with your point of sale software, it means every payment transaction has to be manually performed on a card payment terminal and then captured on the point of sale as well. That invariably leads to mistakes and typically manifests itself in end of day reconciliation exceptions.”
Adding a new terminal for each service also means training and retraining staff. “That’s a huge expense on its own – and it probably won’t be enough. If you’re incentivising your staff by how quickly they can move people through the till, but checking loyalty points on the terminal takes a few extra seconds per customer, they have a very good reason to forget about the loyalty programme.”
Finally, there are all the attendant problems of managing multlple pieces of hardware and associated consumables. “Three terminals might mean three different network connections and three different printers, which take three different kinds of paper. This can be a real issue, and a major waste of resources.”
Integrating services onto the point of sale means retailers only need to deal with one POS system, one printer and one network connection, he says. “It also means you get 100% accuracy, transactions are faster to process and it’s easier to train cashiers. Services such as coupons and loyalty, which require reference to the actual items purchased, can only be optimally implemented when integrated to the point of sale. This supports the Implementation of common business processes across all value added services, with the associated savings and productivity.”
“Retailers are best at doing retail,” he says. “Managing multiple bits of IT is not their core business, especially in smaller retailers, and it shouldn’t have to be. Rolling up multiple services into your point of sale system makes life much easier.”
Innervation Value Added Services assists retailers to achieve enhanced customer service, increased revenue and sustainable competitive advantage via strategic engagement and by enabling a wide range of services across all customer touch points. Innervation utilises an agile switching and reconciliation platform to seamlessly integrate to customer touch points (POS, mobile, web, call centre, self -service kiosks and social media) and also to retail enterprise financial and CRM systems. The company’s core product offerings include the Destiny electronic payments switch and the Destiny Stored Value suite of products, including gift card, loyalty, vouchers and coupons. Commodity services such as prepaid airtime and bill payment are supported via interfaces to the Value Added Service Providers preferred by the merchant.
A bookkeeper was jailed for eight years by the Specialised Commercial Crime Court in Bellville on Thursday.
Barbara Aletta Kuhn, 47, was sentenced on 91 counts of theft involving R1.4m.
According to the charge sheet, she was engaged as bookkeeper by two companies owned by Ivar Kvale.
Magistrate Sabrina Sonnenberg agreed with prosecutor Jannie Knipe that Kuhn had abused a position of trust, which called for a prison sentence.
She also agreed with Knipe that white collar crime was difficult to expose, as it was perpetrated by intelligent people who devised schemes to cover their tracks.
The magistrate said prison sentences were not reserved for the punishment of violent crime, and that the message to the community had to be that offenders involved in white collar crime also went to jail.
Kuhn manipulated the electronic accounting system connecting both businesses between December 2006 and February 2007, and was arrested in Gauteng in November 2007.
Her attorney Hailey Lawrence told the court Kuhn was a gambling addict, and had resorted to theft because her salary could not support her gambling habits.
Kuhn qualified for the minimum sentence of 15 years, as a first-time offender found guilty of fraud involving more than R500 000.
The magistrate rejected her gambling addiction as a reason to deviate from the prescribed sentence, but said Kuhn had shown remorse by admitting to the 91 counts.
The fact that she was a first-time offender, and had been honest with the court, were accepted as substantial and compelling factors to deviate from the prescribed sentence, she said.
The magistrate said a suspended prison sentence was too lenient, as was a sentence involving an early release and house arrest.
Forms Media Independent Africa have reported two fraudulent attempts to purchase A4 paper.
The first order – to the value of R33 700 – was placed in the name of Almond Trading operating out of Piet Retief. Claiming an EFT payment, it was discovered that payment was made via a stolen cheque from Port Elizabeth. The fraudster went by the name of Christopher C: 0614657069, and was to be collected by courier.
The second order was from Nelspruit placed in the name of Itec Solutions to the value of R58 368. Claiming to use an EFT payment, the bank confirmed it was also a cheque deposit. The fraudster went by the name of Derek C: 0840996506.
THE digital platform is increasingly eating into the revenues of traditional entertainment and media, with physical music and books sales being the hardest hit.
A report by PwC on South Africa’s entertainment and media shows that sales of CDs and physical books will continue to fall as consumers look online for that content.
According to the report, increased internet access will remain a significant force behind the major growth in the South African entertainment and media industry, reflecting expanded broadband devices and more use of smart devices.
Vicki Myburgh, entertainment and media industries leader for PwC Southern Africa, says consumers’ access to entertainment and media content and experiences were being “democratised” by the expansion of access to the internet, and the explosive growth in smart devices.
“Even though traditional, non-digital media will continue to dominate overall E&M (entertainment and media) spending in S A over the next five years, much of the growth will come from digital,” she says.
SA’s entertainment and media market is expected to grow at a compound annual growth rate of 10.9% in the next five years, above the global average of 5.6%, as a result of increased internet access.
The entertainment and media market is expected to generate overall revenue of R175bn in 2017.
The internet has widened access to entertainment and media products and services and has created opportunities for companies.
With the increased penetration of mobile phones, including smart devices, connected consumers are driving companies to apply innovation and agility to understand and meet their needs, PwC says.
The slowest-growing segment in the industry will be consumer and educational books with a 0.4% compounded annual growth rate over the next five years.
“Comparatively low literacy levels in the country — although they are rising — and the fact that books don’t cater for multiple languages in use in South Africa, continue to act as a barrier to further growth in this segment,” Ms Myburgh said.
Books carry a 14% value added tax, which means that retail prices remain too high for the majority of South Africans. Magazines and newspapers sell at a much lower cost and are more likely to be read by South Africans than books, Ms Myburgh said.
Another drawback for growth is that most books are in English and Afrikaans. Electronic books are forecast to account for 8% of consumer market by 2017, up 1.5% last year.
The music segment will also continue to struggle, with sales dropping quickly, but not yet being replaced by digital sales, despite the emergence of a number of new digital music services, PwC says.
Spending on live music will overtake spending on physical recorded music by next year and total recorded-music spending the following year, making it the driver of revenue growth in South Africa and globally.
By 2017, live music will account for 57.1% of consumer spending on music in South Africa, the report states.
Overall music revenues would increase marginally from R2.15bn in 2012 to R2.20bn in 2017.
However, Ms Myburgh says digital growth will not be enough to make up for physical decline.
Moreover, digital music will not grow as fast as other digital sub-sectors such as books and magazines, Ms Myburgh says.
The local music sector has been slow in making a transition to the digital medium.
South Africa is also experiencing the same online piracy problems as the developed world.
However, the relatively low broadband penetration in the country compared with developed markets has limited the scale of the problem but as broadband use grows, so will online piracy, says PwC.
However, Ms Myburgh says that consumers are becoming comfortable with piracy.
Key for survival, says Ms Myburgh, is innovation and for companies to employ an agile business model.
“Constant digital innovation becomes the new licence to operate,” Ms Myburgh says.
PwC also expects television and newspapers to continue attracting a big advertising spend, however, digital will close the gap in total spend.