Target security breach costs to top $200m

Financial institutions have reportedly spent over $200m to replace credit and debit cards in the wake of recent massive security breach at US retailing company Target.

According to data collected by the Consumer Bankers Association (CBA) and the retail-banking trade group Credit Union National Association (CUNA), the spending still continues to go up and excludes losses incurred due to fraud, which, if added would drive the totals ‘much higher’.

CBA president and CEO Richard Hunt said financial institutions of all sizes have been aggressive in ensuring their customers are protected in response to the Target data breach.

"CBA’s members have proactively replaced cards, increased fraud monitoring efforts and have expanded call centre hours," Hunt said.

"Consumers should rest assured, our members are taking every step to minimise the impact of this massive breach."

The Consumer Bankers Association has spent about $172m in replacing cards for its members, up from an earlier anticipated $153m, while the Credit Union National Association (CUNA) estimated the impact of breach on credit unions to $30.6m.

CUNA president and CEO Bill Cheney said that credit unions have replaced or will replace 85% of their cards affected by the Target breach at no cost to their members.

"The combined $200 million cost borne entirely by banks and credit unions shows the extent to which financial institutions will go to protect their customers and members," Cheney said.

Target experienced massive data breach in December 2013, affecting about 70 million customers.

According to security researchers, the malware responsible for the data breach at US retailer Target had been written by 17 years old Russian.

Security researchers at US-based cyber intelligence firm, IntelCrawler, revealed that the data breach carried out as part of operation described as Kaptoxa, used low-cost malware known as BlackPOS, which was developed by a 17 years old Russian in March 2013.

Cyber criminals responsible for attack on Target have reportedly used stolen credentials from one of the Us retailer’s vendors.