Steve Ward, a spokesman for security vendor Invincea, said Target customers should already be on high alert for phishing attacks. The stolen data allows attackers to craft very convincing emails in attempts to pry loose sensitive data.
"Seventy million active email addresses is a treasure trove for cyber criminal. They now have emails they know are active and linked to Target," he said. Where possible, he suggests that individuals with email addresses linked to Target deactivate them.
If the email address is too difficult to change, individuals have to be continually on the lookout for phishing attempts, not just for days, but for months and perhaps years as well, he said.
Credit and debit card information stolen from Target is already being used in new ways. Compromised cards are being marketed online with information on the state, city and ZIP code of the Target store where they were used.
Fraud experts suggest that the location information will likely allow buyers of the stolen data to use spoofed versions of cards issued to people in their immediate vicinity.
Local use of a card makes it more likely that crooks can use it for a longer period of time because fraud detection tools used by banks and other card issuers use locations and frequency of card use to determine potential criminal activity. Banks often decline transactions or require additional authentication only for card transactions that originate from new or unexpected locations.
The breach could be very costly for Target, especially considering the findings of its investigation. TJX and Heartland were hit with similar massive attacks have so far paid well over $100 million in breach-related costs, many in relation to outside investigations.
In the statement today, Target said it expects fourth-quarter sales and earnings to be substantially lower than the results expected before the breach was discovered.
The adjusted earning per share for the fourth quarter is now $1.20 to $1.30 compared to prior guidance of $1.50 to $1.60. Sales during the quarter are now expected to be nearly 2.5% lower than previously expected.
Sign up for Computerworld eNewsletters.