Target: The Breach that Keeps on Taking

Four years after the company's data breach, Target is still attempting to settle suits

When much of the security industry heads out to the massive RSA Conference next week, a ghost will be looming over them.

The RSA Conference kicks off on the eve of another discouraging development involving Target’s data breach. Four years after the event, which compromised the personal information of 60 million customers and the credit-card details for 42 million of them, Target is still paying for its oversights.

This month, a judge in the 8th Circuit Court of Appeals sent Target’s November 2016 class-action settlement—which allocated $10 million for customers and $6.75 million for attorney fees—back to a Minnesota district court for review. The appeal was instigated by a Target customer who was part of the class-action suit.

Source: Rippleshot

According to the settlement, Target would be absolved of future liability. However, the customer argues that those receiving no compensation because they have not yet suffered loss—but could be victims of future fraud stemming from the breach—should be accounted for separately.

In the years since that breach, it’s become clear that a company must regard cybersecurity as a business maneuver, and not a mere IT tool. Thieves cannot be deterred, but they can be stopped early in their tracks. Analytics that use advanced technology, such as machine learning, are investments that detect threats far quicker and more accurately. This, in turns, spares organizations years-long losses involving customers, creditors, and stockholders.

Last year, we reported on the “Endless Financial Ripple Effect of a Data Breach,” over five years. Target is just entering its fourth year since its breach. According to an estimate from Rippleshot, which mitigates credit-card fraud, the company’s total losses have already reached $2.5 billion.