Approval has been given for over 100 million victims of data theft in 2013 from retail giant Target to claim compensation of up to $10,000 each.
The class action lawsuit brought by the victims effectively caps the potential compensation bill at $10 billion.
However, the judge in the U.S. federal court case has ruled that it will be up to the victims to prove they suffered losses. Many are expected to receive far smaller settlements or, indeed, not to claim at all. Target, however, now have the difficult task of estimating the liability in order to provision against future earnings.
Hackers targeted the retailer’s systems during the 2013 holiday season. Initially Target, said that credit card and debit card information connected to 40 million customers had been stolen.
Later, it emerged that other personal data of a further 70 million to 110 million customers had also been taken.
Target, along with other retailers such as Walmart, has based its business model on Big Data. These retailers pioneered predictive modelling strategies based on collecting as much information as possible about their customers.
Incidents like this—and the many other large-scale data thefts that take place—show that even the biggest companies are at risk of exposing our data.
It is something that businesses (and governments) absolutely must get right. Big Data analysis can do a lot of good—but that is reliant on public trust that safeguards are in place to keep personal information secure.
Target made a profit of $2.5 billion last year. However, the company has already spent $250 million in relation to the data theft, and their revenues dropped significantly following the attack.
One hundred million customer records is a massive number, but it isn’t the worst data breach in history.
Here’s my top 10:
- Court Ventures (Experian) – 200 million records stolen. Data on thousands of U.S. customers held by Experian-owned data aggregation company Court Ventures was sold to a Vietnamese company and later ended up for sale on the online black markets, where stolen credit card and identity information is sold.
- eBay – 145 million records stolen. In 2014, hackers accessed and stole millions of customer records by using employee details to log into eBay’s computer systems. All users were forced to change their passwords.
- Heartland Payment Systems – 130 million records stolen. In what has become known as the world’s biggest-ever credit card fraud, hackers stole information that would allow criminals to clone the cards of 130 million customers.
- Target – between 70 million and 100 million records stolen.
- TJ Maxx – 94 million records stolen. Credit and debit card details of customers at over 2,500 U.S. stores were stolen when hackers accessed central systems through the Wi-Fi connection of a Minnesota store.
- AOL – 92 million records stolen. Employee Jason Smathers was jailed for 15 months in 2005 after admitting to selling 92 million customer records to spammers, who are thought to have used them to send 7 billion unsolicited emails.
- Anthem – 80 million records stolen. In February 2015, the databases of the second largest health insurer were raided by hackers who stole customer names, dates of birth, and social security and employment details.
- Sony – 77 million records stolen. Sony shut down its online gaming network for 23 days in April 2011 after being hacked by a collective calling itself Lulzsec. In response to questions asked by the U.S. House of Representatives, Sony said it had been targeted by a “very carefully planned, very professional, highly sophisticated cyber-attack.”
- JP Morgan Chase – 76 million records stolen. Data relating to two out of every three American households, as well as 7 million small businesses, is thought to have been taken during the attack on the U.S. bank in 2014. These modern-day bank robbers did not go after the money in the vaults but targeted the email addresses and details of customers for their value on the black market.
- Home Depot – 56 million records stolen. Late in 2014, malware was installed on cash register systems at U.S. stores, which hackers used to steal details relating to 56 million customers. The company apologized and said that fixing the damage and addressing the vulnerabilities would cost millions.