But Target was apparently not the only victim.
Nieman Marcus, acquired last year by Ares Management and the Canadian Pension Plan Investment Board for $6 billion after it flirted with going public, also seems to have been hit. At least three other mall-based retailers may be victims.
As many as 110 million people, one American in three, may have had their personal data exposed in the Target attacks.
While past breaches mainly targeted the systems processing transactions, the new breaches are different in that they may involve malware placed in Point Of Sale (PoS) devices.
Visa (V), which has a big hand in the security of transaction processing networks, warned as early as April that such attacks were possible, posting a number of malware signatures. Another Visa alert, in August, recommended a number of mitigation strategies, including using only point of sale devices that can encrypt data according to industry standards.
Target CEO Gregg Steinhafel now says he favors moving toward the EMV (Europay, MasterCard, Visa) chip-and-pin credit card transaction systems widely used in Europe. These use an encrypted computer chip to improve security, allowing more identifiers to be accessed than with the magnetic stripe cards used in the U.S.