Since we rarely go more than a couple weeks without a data breach post, it seems we’re a bit overdue. It looks like we can get back on track thanks to Target’s point-of-sale systems and their security weaknesses.
If you were out braving the angry mobs this black Friday and you happened to “storm the beaches” at Target, you might want to keep a watchful eye on your credit card statements for a while. The retail giant announced yesterday that its point-of-sale computers were hacked and exposed over 40 million credit/debit card numbers.
It appears that the data the thieves stole included not only card numbers but also the customer names, card expiration dates and CVV numbers. If you’re not keeping track, that’s essentially everything you need to actually put those cards to use.
The attack occurred from November 27th to December 15th, and Target was slow to confirm that it happened (only making a statement on the 19th). The attack was essentially nationwide.
This situation is kind of the perfect storm that demonstrates where a cyber liability policy kicks in to cover the company. All of the stolen information certainly falls under the definition of “personally identifiable information.” The sheer size of the breach and number of consumers effected sets up for a class action lawsuit. And given the length of the attack and the delayed announcement, it seems like one might be able to make a pretty good claim for “failure to notify” (amongst other things).
If the probable lawsuit follows, Target’s cyber liability coverage will kick in to cover legal fees, notification costs, data restoration, and more. Assuming they have cyber coverage, that is…
It will be interesting to see how this one plays out. More to come.