To: Gregg Steinhafel, Target CEO
Target: Take Real Steps to Address the Data Breach
Your data breach led to the theft of information from up to 110 million of your customers. Please make things right by providing full restitution to all of your customers who become victims of fraud or identity theft because of the data breach; informing your customers that they have the right to place a security freeze on their credit reports; and committing to promptly complying with the highest industry security standards to make sure this can never happen again.
Why is this important?
Target has been scrambling to respond to the company’s massive data breach, which affected up to 110 million consumers. But so far, they’ve fallen short.
Instead of working to make sure data breaches never happen again, they've announced a $5 million "financial education" plan and are offering customers a "ProtectMyID" service that does nothing to prevent fraud on existing accounts and may give consumers a false sense of security.
Thieves got away with card numbers, expiration dates and security codes. That's a mother lode for fraud on existing accounts. In fact, JPMorgan Chase has decided to re-issue two million cards that are at risk from the breach. They’re taking this threat seriously. So why isn’t Target?
Target needs to do a better job of taking responsibility and protecting consumers from the threat they created. First, they should agree to provide full restitution to all of their consumers who actually become victims of fraud or identity theft as a result of the breach. Second, they should inform consumers that they have a legal right to place a security freeze on their credit reports – that’s the only real way to stop identity theft. And third, they should promptly upgrade their systems to meet the highest industry standards for security.