Target Security Breach Caused by Malware, Leads to Store Closings and Sen. Leahy’s Data Privacy Bill

The recent large data breach at Target that affected between 70 million to 110 million people was carried out through use of a malicious software (malware) referred to as Kaptoxa, reported CNNMoney.  Parts of the software code were written in Russian and believed to be derived from BlackPOS, according to Bloomberg Businessweek.  BlackPOS is an inexpensive malware, Forbes reported, that can be purchased online for at least $1,800 and may have been involved in other attacks against retailers.  The malware was installed on computers at check-out stations, also called point of sale (POS) terminals, in Target stores throughout the U.S.  According to Forbes, the hackers were able install this software because Target’s central data network gave the hackers an open channel to every POS terminal for over two weeks.

Target’s Financial Performance Declines after Data Breach

On January 10, 2014, The Wall Street Journal reported that Target cut its profit forecast by 20% for the quarter ending February 2, 2014.  It also expects sales to fall by about 2.5% compared to its previous projection that sales would be flat.  The breach has also reduced Target’s RedCard applications.

On the same day, Target announced plans to close eight U.S. stores on May 3, 2014, in light of its financial performance.  The eight locations are: West Dundee, Illinois; Las Vegas, Nevada; North Las Vegas, Nevada; Duluth, Georgia; Memphis, Tennessee; Orange Park, Florida; Middletown, Ohio; and Trotwood, Ohio.

Senator Patrick Leahy Reintroduces the Personal Data Privacy and Security Act

In light of the Target breach, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) reintroduced a data privacy bill on January 8, 2014, according to the U.S. News & World Report.  The bill, which mentioned the Target data breach, would require American businesses to follow stronger data privacy standards in collecting and storing consumer information.  The bill would also increase criminal penalties against businesses that encounter a data breach but intentionally fail to disclose it.  It also implements criminal penalties for those who attempt to or conspire to hack into a computer.

Senator Leahy first introduced this bill in 2005 and in subsequent years but was stopped by business lobbying groups.  The 2014 version of this bill is co-sponsored by Senators Al Franken (D-Minn), Chuck Schumer (D-N.Y.), and Richard Blumenthal (D-Conn.).

Are You a Victim of the Target Data Breach?

Gibbs Law Group LLP has represented individuals who have been victims of data breaches involving companies such as Certegy Check Services, Adobe, Health Net and IBM.  If you made a purchase at a Target store or on Target’s website, you are urged to contact a privacy attorney at Gibbs Law Group LLP by calling 1-800-254-9493.  You can also complete and submit our confidential inquiry form on the right side of this page.