Target’s data breach was breathtaking in its scope when first announced –yet, the more we know, the larger and larger that the data loss gets. Apparently, Target’s breach encompasses the data of between 70 to 110 million individuals. To understand this number, consider that 70 million individuals represents one in three adult Americans. Secondly, that Target can provide a range that differs from the low end to the high end by over 54% suggests that Target has at this point no accurate count, or handle, or knowledge, of the transactions affected. Target clearly should know the total transactions it has processed, and the totality of its database records –but that the range provided is so wide suggests that Target has not yet ascertained all of the mechanisms employed in the breach.
Target also announced that, in addition to credit and debit information, other customer data was accessed. This includes emails, physical addresses, phone numbers, and other information collected when shopping online, as well as phone numbers provided to call centers for customers that did not necessarily shopped at Target during the 2013 Holiday period, but at other times as well.
If Target’s breach stops at 110 million transactions, then Target’s data breach might still be second to Heartland Payment System’s breach, that reached 130 million credit card transactions. But, given the nature of all of the data that was apparently accessed at Target, it is difficult to compare both breaches.
Source: New York Times, Jan. 10th article available here.