Target hacking scandal widens; what we know now, and what we still don't know
Today, Target announced that the victim total from its hacking incident has jumped dramatically. There were 40 million victims whose credit card numbers were compromised. Now, we learn that there's another list of 70 million victims -- hackers made away with other personal information about them, including e-mail and mailing addresses. But perhaps even more important, today's news makes clear that Target's data leak is much wider than initially expected. That's common -- forensics experts aren't always sure what they are dealing with when they re-trace a hacker trail. And public relations officials are usually eager to explain data leaks using the most minimizing language possible.
But since the initial announcement, Target has had to return to the public and reveal that, yes, PIN code were stolen; yes, other personal data was stolen, yes there are 30 million more victims than we thought. One can't help but wonder: What's next?
There are many remaining questions:
Target has said nothing about the hack itself. It may never do so, but explaining the vulnerability would help consumers understand how so much data could have been stolen, and allow us all the imagine what the logical conclusion of the investigation will be.
Target so far has said its website was unaffected. There's an obvious question now, however: Where did the hackers get the e-mail addresses and mailing addresses from? Web site transactions might be one source. Another source might be Target's treasure trove of marketing data, a combination of personal information the company buys and consumer volunteer.
So far, despite the deluge of stolen credit card account numbers now available to thieves, there isn't evidence of widespread fraud. It seems only a matter of time. Meanwhile, it appears time is running out for Target to really come clean about what happened, how many consumers will ultimately be impacted, and what Target can do to regain their trust.