According to a Wall Street Journal article, Target endured breeches to both its Point Of Sale (POS) systems and another system.
The POS breech affects up to 40 million Target customers’ data, including the theft of credit or debit card and PIN numbers. This newly revealed breech increases the number of customers affected by up to 70 million resulting in a potential loss of up to 110 million customers’ data.
Target has not verified how much overlap there is between the two breeches so the total number of unique affected customers/households could be less than 70 million.
The financial impact to Target for these breeches is still being tallied but current estimates by Target include a 20% profit loss in the “Holiday quarter” and a 2.5% sales loss. One cause for the difference between 2.5% sales loss and 20% profit loss is markup on items sold during this time period.
On Friday, Target cut its profit forecast for its U.S. stores in the crucial holiday quarter by about 20% and said sales excluding newly opened or closed stores would fall 2.5% when it previously had expected sales to be flat.
The financial impact to customers has no current estimate.
The impact of loss of trust in large retailers and e-tailers is unknown. Customers may simply shift commerce to businesses that they believe are more trustworthy or that they think follow industry security and privacy standards and best practices more effectively.
Neiman Marcus revealed that its systems were breeched mid-December as well but less is known about what systems were compromised or the number of customers affected.