The costs for last year's data breach just won’t go away. Earlier this month, Target updated estimated losses due to the 2013 data breach for stockholders. The Company’s second quarter financial results are expected to include gross expenses of $148 million, with an offset of $38 million insurance receivable, related to last year's data breach. These expenses include an increase to the accrual for estimated losses for what the Company believes to be the vast majority of actual breach-related claims, including claims by payment card networks.
During fourth quarter 2013, Target experienced a data breach in which an intruder gained unauthorized access to its network and stole card and other customer information affecting an estimated 110 million shoppers.
The Company’s estimates are said involve a great deal of judgment and are based on current information, historical precedents and the validity of certain claims. But the company states it is possible that it may incur a material loss in excess of the amount accrued. The Company also said it is unable to estimate the amount of such excess loss exposure at this time. But according to a USA Today article a security analyst at the technology firm Gartner, puts the costs of the breach at over 3 times the company estimate - for a loss totaling between $400 million and $450 million.
And back in January, according to the Minneapolis, Saint Paul Business Journal the loss was pegged at more than $1 billion in costs, according to an analyst's estimate. Jefferies retail analyst Daniel Binder based his estimate on information from Julie Conory, research director for Aite Group's retail banking practice. One major credit card issuer she talked to revealed that there was fraudulent activity on 10 to 15 percent of its cards affected by the breach.
According to KrebsOnSecurity.com, the data theft was caused by the installation of malware on Target's point of sale machines. Sources close to the investigation say that credentials were stolen from a Target contractor in a malware-injecting phishing attack sent to employees of the firm by email. The email attack began two months before the subsequent data theft, and has been linked to a password stealing program.
The data thieves used the stolen passwords to access a portal used for Target vendors. How the hackers then managed to gain access to more sensitive areas in the corporate data structure wasn't detailed. However, it's apparently known that the thieves first tested their card-stealing software in a small number of Target's cash registers. And within a few days of the test, the hackers had their software installed on most of Target's registers and were actively collecting card records from live customer transactions.
The stolen data was apparently transmitted to several hacked servers in the U.S. and South America. The thieves then retrieved the card data from these compromised servers. The manhunt is ongoing and the Secret Service and other agencies seem to be looking at Russian hackers as the prime suspects.