The following are examples of recent, high profile data breaches involving disclosure of millions of credit card details:
Target was the victim of a targeted attack which exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013. Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Attackers pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions.
It was estimated that Target could be facing losses of up to $420 million as a result of this breach, including reimbursement associated with banks recovering the costs of reissuing millions of cards; fines from the card brands for PCI non-compliance; and direct Target customer service costs, including legal fees and credit monitoring for tens of millions of customers impacted by the breach.
Approximately 53 million email addresses and 56 million credit card accounts were compromised in an April 2014 cyberattack on Home Depot Inc.The world’s largest home improvement chain in September revealed hackers had uncovered the credit card information of more than 50 million customers, according to Reuters.
Home Depot indicated that stolen account information from a third-party vendor was used to gain access to the company’s internal computer network. Deeper access was reportedly made easier by a vulnerability in Microsoft’s Windows operating system, which reportedly was patched after the breach was already underway, according to The Wall Street Journal and Bloomberg Businessweek.
The total cost estimate is unknown. However the breach cost Home Depot $43 million in the third quarter of 2014 alone.