Reuters reported Thursday that Citigroup (NYSE:C) has confirmed that it will replace all customer debit cards involved in the data breach suffered by Target Corp. (NYSE:TGT) this past November and December. Citi spokesperson Elizabeth Fogarty confirmed to Reuters in an email late Wednesday, “This is being done as a precautionary measure,” and helped elucidate that the bank would have replaced the debit cards sooner, but it didn’t want to disrupt retailers’ lucrative holiday shopping season. Citi has now joined other banks such as JPMorgan (NYSE:JPM) that have also committed to redistributing new debit cards, but Citi is not planning on reissuing credit cards.
Citi’s email to Reuters Wednesday came exactly one month after Target initially suffered its security breach in December that significantly hindered its last weeks of holiday sales. The Minneapolis, Minnesota-based retailer alerted customers on December 19 that hackers stole data from 40 million credit and debit cards in the period from November 28 to December 15, and the retailer’s announcements unfortunately got worse as the weeks went on.
Now, it is clear that on top of those 40 million compromised credit and debit credits, hackers also stole the personal information of at least 70 million customers, including names, mailing addresses, telephone numbers, and email addresses. A Target spokesperson maintains that the two sets of numbers are likely to contain some overlap, but experts still consider them two distinct thefts.
Target is now focusing on its ongoing investigation into the theft, as well as its strategy to resurrect sales at the No. 3 US retailer. The company’s sales dramatically dropped off following the breach, as reflected in its updated earnings forecast, and Target has recognized that it needs to revive consumer confidence in its brand, especially now that competition in the retail industry is as rigid as ever.
Moreover, Target officials may also be invited to Washington in the near future as lawmakers review its breach and consider whether all appropriate measures were in place to sufficiently protect retail consumers. Earlier in the week, we learned that the Financial Services Committee of the U.S. House of Representatives is planning on looking into the breach, and so too are Senate Banking Committee Leaders after fielding requests from Senate Democrats last week. It is not expected that Target will be involved in any legislation for its actions, but Washington still could encourage it to take different precautions when it comes to retail and consumer protection.
In addition, Target must also now worry about its banking partners getting implicated in its drama, too. Theft experts predicted this week that these partners could face millions of dollars in fines and costs resulting from their part in the data breach, and Target’s “merchant acquirer,” Bank of America Merchant Services, may especially be at risk.