US retail giant Target has announced $5 million to educate consumers about scams just days after the company admitted hackers had loaded malware on its point-of-sales systems and stolen the personal details of up to 70 million consumers.
Target in the US is not affiliated with Target Australia, which is a subsidiary of Australian retail group Wesfarmers.
On December 19 last year, the retail giant acknowledged that that it was aware of unauthorised access to its payment card data systems, impacting up to 40 million consumers shopping at its US stores between November 27 and December 15.
“Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts,” the company said in a statement.
Late last week, the company’s chief executive, Gregg Steinhafel, issued a statement admitting that hackers had gained access to its systems, with personal details from a further 70 million accounts potentially compromised.
“As you have probably heard, Target learned in mid-December that criminals forced their way into our systems, gaining access to guest credit and debit card information. As a part of the ongoing forensic investigation, it was determined last week that certain guest information, including names, mailing addresses, phone numbers or email addresses, was also taken,” Steinhafel said.
In a subsequent interview with US business news channel CNBC, Steinhafel revealed the the attack involved hackers installing malware on its in-store point-of-sales systems.
“We don’t know the full extent of what transpired. But what we do know was there was malware installed on our point-of-sale registers. That much we’ve established. We removed that malware so that we could provide a safe and secure shopping environment. This investigation is ongoing and it’s going to take some time before we really understand the full extent of what’s happened,” Steinhafel said.
Days after admitting the personal details and credit card information of millions of its consumers were potentially compromised after hackers installed malware on its cash registers, the retailer announced a $US5 million campaign to educate consumers about cybersecurity risks, including “the dangers of consumer phishing scams”.
Phishing scams include emails from hackers impersonating trusted institutions, such as banks or credit card companies, asking for personal information, such as credit card details.
“Target has a longstanding history of commitment to our communities, and cybersecurity is one of the most pressing issues facing consumers today,” Steinhafel says in a statement.
“We are proud to be working with three trusted organizations — the National Cyber-Forensics and Training Alliance (NCFTA), National Cyber Security Alliance (NCSA) and Better Business Bureaus (BBB)—to advance public education around cybersecurity.”
The company also says it will refund any funds stolen as a result of its cash registers being hacked on a “zero liability” basis.
Andrew Sadauskas is a former journalist at SmartCompany and a former editor of TechCompany.
