happy anniversary Target breach

It is hard to believe a year has gone by. In a year full of high profile security breaches, the starting gun was surely sounded by the 40 million credit cards lost by Target last year. The cost of replacing the cards alone was about $400 million. How much did it cost Target? Nothing. Lawsuits have been filed by individuals for breach of privacy as well as by the banks who don’t think they should have to pay those costs. Up until now the legal defense for companies like Target is to say that they are not the credit card handling company. They say it is the credit card handling company that should pay any damages, not them. They are just retailers after all. And up until now that defense has proved successful for the all retailers who have done nothing to protect us and our information.  However that may be about to change. Last week a judge in Minnisota signed off on letting the complaint against Target go ahead. His reasoning was that Target had plenty of warning that these breaches were occurring and decided to do nothing because they wanted to keep racking up Christmas sales. Target’s inaction, he reasoned was partially to blame for the credit card breach. Why do you and I care about this legal case since we don’t have to pay? For several reasons.

First, we do have to pay.  While the banks don’t charge the cardholder directly for fraudulant charges or card replacements, they pass those costs on to all their customers in higher fees and interest rates.  Someone has paid for Target’s breach.  You.

Second, if there is a financial penalty for this kind of breach, perhaps companies will decide to tighten their security.  Everyone heard that Target lost $40 million credit cards, but hardly anyone mentioned that they had also lost 150 million email addresses and phone numbers.  We have discussed in other columns how this kind of information may be even more valuable to a crook than a credit card number.

Finally, we need to care because the problem is escalating.  Sony’s recent breach wasn’t just about stealing money, but also included threats to low level employees and the posting of all their private information, addresses, photos, passport scans, etc. on the internet.  Why? Because this terrified the 45,000 employees.  Imagine sitting down at your computer tomorrow morning and discovering that you were a being threatened because your employer wouldn’t safeguard your information?

Suggestion for the week.

Ask your employer where your personal records are kept.  Are they in a file cabinet in a folder? In a desktop computer? Stored in the cloud?  Is it encrypted?  Is it password protected?  Isn’t it time you found out?

If you have any feedback about this column, suggestions about a topic you would like me to discuss, or want me to come do a free identity theft seminar at your church or social club you can contact me at


Leave a Reply