Until 2013, the data breach that affected millions of T.J. Maxx and Marshalls shoppers almost a decade ago reigned supreme in the annals of retail hacking.
The holiday-season attack on Target, the nation’s third-largest retailer, made that episode seem almost trifling by comparison. From Thanksgiving week into December, the year’s busiest buying period, personal information of up to 110 million Target customers was stolen — and the repercussions for the company, for consumers, and for the retailing industry are likely to persist for months, if not years.
“The Target hacking was an earthquake in comparison with previous ones,” said Eugene Fram, professor emeritus of marketing with Rochester Institute of Technology’s Saunders College of Business.
And the worst almost certainly is yet to come, the FBI maintains.
In a recent confidential report to retailers, the agency warned of the spread of malicious software — malware — that can clandestinely penetrate so-called point-of-sale systems, the means by which retailers conduct transactions. Credit-card swiping machines, which connect to a company’s computer network, typically through the Internet, are a common POS device.