The most recent Target data breach occurred in 2013, and it was one of the largest data breaches to ever happen. Hackers stole data on an estimated 40 million credit card and debit card accounts. Additionally, approximately 70 million customer accounts were compromised.
Target has had a much better record on cybersecurity since then, and, as of October 2023, no data breaches have come to light in the decade since the 2013 incident. Here’s full timeline of Target data breaches, starting with the most recent.
December 2013: Hackers Steal Data on 40 Million Debit and Credit Card Accounts
In December 2013, Target confirmed that hackers stole data connected to 40 million credit and debit card accounts and 70 million customer accounts. The breach didn’t directly occur through Target systems. Instead, a third-party vendor was compromised, creating an avenue to collect the data on Target customers.
Reports indicated that a phishing attack was the initial point of entry. Emails containing malware were sent to the employees of an HVAC firm that worked with Target, and that network credentials provided to the third-party vendor were compromised in the attack, allowing hackers to use those details to access Target systems.
Impacted customers completed purchases in US Target stores between November 27 and December 15, 2013, and Target recommended that any customers who noticed unauthorized activity on their cards contact the retailer.
After the data breach, Target agreed to an $18.5 million settlement. However, the total cost of the breach was estimated to be $202 million soon after the breach occurred, though the total continued to rise as class action lawsuits and other legal actions were settled.
A hacker linked to the breach was later identified and caught, ultimately receiving a 14-year prison sentence.
April 2011: Target Customer Emails Stolen as Part of Epsilon Data Breach
In April 2011, news broke that Target company emails were stolen as part of the Epsilon data breach. Epsilon – an email marketing services company – was hacked, and attackers gathered customer names and emails were acquired by the hackers.
In total, 75 Epsilon clients were involved in the breach. Along with Target, Best Buy, JP Morgan Chase, and US Bancorp were among the victims. While only 2 % of the associated customers had their information compromised, the involved database was massive, putting the estimated impact in the millions. One of the biggest concerns relating to the breach was that having access to customer names and emails could allow attackers to craft credible-looking phishing emails.
Epsilon quickly informed its customers of the breach, admitting there was an unauthorized entry into its systems. As companies learned of their involvement in the breach, they contacted their customers directly.
In total, the cost of the Epsilon data breach was estimated at $4 billion, as its scope was massive and the companies involved included many household names. Overall, it’s considered one of the largest and most expensive data breaches of all time.