ZDNet reports that Target covered up the extent of the breach during the holiday season.  Not just debit cards and pins, which could have allowed theives to essentially print new plastic debit cards and drain accounts.  But also personally identifying information including name, address, and so on, for SEVENTY MILLION customers.

Yes folks,  this means one in three Americans just got exposed to identity theft by “we know your daughter’s preggo before you do” bad boundary big data Target.

This is so serious.  This is serious as a stick.  The Guardian has the stats lined up for us (assuming you can believe Target now, that is, on these 40M cards that were compromised between 11/27 and 12/15):

  • It’s likely 1:4 will find their credit cards abused — that’s about 10,000,000.
  • Many of them will join the 5.26% of adults in the US who were victims of identity theft in 2012 — 13M victims, $20B price tag that we all pay for in bad economics, higher fees, and so on.  [so what do you think this will do to that?]
  • On average an ID theft occurs in the US every 3 seconds.
  • Target should know better — they paid out about $10M in 2005 for a similar incident.

Reuters reports that AGs around the country are launching probes and security experts rightly speculate that Target has no idea how extensive the breach was.  Any of their extensive data on consumer habits, personal information, modelling — any of it could be in the hands of thieves at this point.  Not just data from the dates specified, but historical data.  We already know they were retaining data against MC/VISA policy agreements — what else did they have stashed away?

And is it any wonder people with such casual disrespect for your privacy would have such piss poor discipline around keeping that data secure from others?

The most positive outcome we could get from this is a massive wake up call.  I wonder how hard the financial system will work to minimize implications?

[Makes popcorn]