The Target hack sure sounds scary: Tens of millions of shoppers' credit card data were stolen and are being sold on the black market. Hackers took emails, phone numbers and PINs too.
But there's comforting news in all this for consumers: Though the breach will be irritating for millions of shoppers who have to get new credit and debit cards, Target customers shouldn't lose a dime.
The reality is, Target will take the biggest hit. When fraudulent purchases are made with a credit card, the credit card companies make the customer and the bank whole. They then recover the money that was fraudulently charged by fining the merchant or raising the merchant's swipe fees.
That means consumers shouldn't worry about reports that hackers are selling the stolen credit and debit card information on the black market. Brian Krebs, the cybersecurity journalist who uncovered the Target breach, has traced the stolen data to card shops online. But if the card numbers haven't already been canceled, Target will be responsible for paying for whatever goods were purchased with the cards after they were stolen.
That might ultimately cost Target more than $50 million, according to estimates by Gartner financial fraud analyst Avivah Litan.
What's left for customers who shopped at Target's U.S. stores between Nov. 27 and Dec. 15 is the headache of staying on guard, monitoring their bank statements and getting a new card. Target even started offering free credit monitoring and identity theft protection as an added safety measure.
Target customers should also watch for fraudster emails, letters and phone calls too. If you've ever given Target your personal details, criminals now have your contact information.
That's because hackers didn't just break into Target's point-of-sale system and collect data from magnetic stripes on 40 million payment cards. They also wormed their way into Target's massive database of 70 million customers, which included names, emails, phone numbers and addresses.
On the one hand, criminals with that information have a better chance of duping you. They already know you shop at Target. Expect phone calls, phishing emails and letters with criminals posing as Target, the bank or law enforcement asking for even more sensitive information, such as your Social Security number or PIN.
On the other hand, criminals can't steal your identity by just knowing your contact information. The real damage here is that hackers know one thing: You shop at Target.
"It's bad they got a customer list, but the worst case scenario is a very targeted email phishing campaign," said Adrian Sanabria, a senior security analyst at 451 Research in Knoxville, Tenn. "I don't see any risk of identity theft from having that exposed."
The average consumer won't feel much of an impact -- if any -- from the Target breach. But practicing safe Web browsing behavior, changing passwords frequently and monitoring credit card statements would be smart steps to take.