One year later, the Target data breach has been a costly crime for everyone involved -- everyone but consumers.
The theft of 40 million credit and debit card numbers came as a shock to Target shoppers, but analysts say that in the end, almost no consumer suffered a financial loss.
"It was pretty scary," said Avivah Litan, a financial fraud specialist at Gartner. "When the public heard that Target got breached, they didn't realize they weren't going to lose money. ... After a few months, consumers realized they were protected. So they got more relaxed about it."
But it left other scars. Thursday marks the one-year anniversary of the start of the breach.
It stunned Minneapolis-based Target Corp., which was left reeling for months afterward. Its CEO was fired; its shoppers were slow to return; and its data-breach costs have climbed to a quarter-billion dollars.
It also jolted the entire retail sector, as Target turned out to be the first in a series of data thefts, whose victims included Neiman Marcus, Home Depot, Michael's, Goodwill, Dairy Queen, Supervalu, Staples and Jimmy John's.
It was a wake-up call to the credit card, banking and payment networks, to stop stalling on adopting safer but more expensive card technologies.
For them, Litan said, "I think the Target breach was monumental. The main thing that has changed is, both the banks and the retailers are really tightening up security."
It also spawned more than 140 lawsuits against Target, which were consolidated before a U.
S. District Court in St. Paul and are now grinding their way through the legal system. A trial is scheduled for 2016.
And shoppers? At first, they worried. Countless cards were reissued. But a year later, the numbers suggest that consumers have moved on -- and are still using their credit cards.
Target declined to comment for this story.
"Shoppers are not worried about a data breach right now," said Lorman Lundsten, a professor in marketing at the University of St. Thomas in St. Paul.
"What seems to have happened is, people heard about the breach, and they probably heard about the measures taken to neutralize the breach. And basically, nobody knows anybody who's been hurt by it."
But that doesn't mean consumers are happy when their credit card numbers are stolen, then sold online to criminals around the world.
Compared with a year ago, "There's more consumer skepticism that their data is safe," said Jim McComb, a Twin Cities retail consultant. "And they're less shocked when it happens. Target had a tremendous fallout from its breach. I haven't heard a similar fallout from Home Depot."
Meantime, the next generation of chip-and-PIN credit cards is starting to appear, including at Target. The cards are harder for thieves to use because they carry an embedded computer chip and require a personal identification number, or PIN.
But the infrastructure isn't yet in place for chip-and-PIN cards to work this holiday season. So shoppers are still using what the National Retail Federation has described as "fraud-prone magnetic stripe cards."
McComb said he has long believed that "the industry had sort of taken the posture that it was cheaper to pay for the fraud than pay for the new equipment.
"I think that's changed," he said. "It has been incredibly expensive for Target; it's been expensive for the banks to reissue the cards."
McComb saw the new era recently, when his own credit card was touched by the Home Depot breach.
"I got a card reissued that has a chip in it," he said. "I've not been to a store yet that has the ability to read it, but they're stepping up to that."
The Target hack began a year ago, when cyberthieves -- said to be from Russia, but that's still not clear -- used stolen credentials to access Target's computer network. The thieves installed malware that captured card numbers used inside Target stores, then transmited the stolen data overseas.
For 19 shopping days, data on shoppers' names, card numbers, expiration dates and some security codes, including encrypted PIN codes, was stolen from 40 million Target shoppers.
The week before Christmas, tech journalist and blogger Brian Krebs broke news of the breach. The next day, Dec. 19, Target confirmed the bad news. Its call centers were overwhelmed by worried shoppers, which Target promised would not be liable for fraudulent charges.
Just as alarming came the news that millions of stolen card numbers were available for sale at online "card shops." It made consumers feel so vulnerable, it was common a year ago to hear shoppers swear off plastic forever.
But in the year since, there's not a lot of evidence that consumers have done so. The credit card companies are doing just fine. And a recent University of St. Thomas holiday study found no signs of an exodus from plastic.
Lundsten, the St. Thomas marketing professor, isn't surprised.
"It doesn't happen because it's more convenient to use the credit card," he said.
On the other hand, Carol Spieckerman, a retail consultant at NewMarketBuilders, said the breaches are helping next-generation payment systems, such as Apple Pay, gain traction.
"I think retailers are very much in a defensive mode in terms of these data breaches and (hoping) that the next one doesn't have their brand all over it, as it did with Target," she said.
Nowadays, Spieckerman calls the Target breach "a distant memory" to the nation's consumers.
"Thanks to social media, the news hits really hard and it goes really broad, but then it goes away really fast and something takes it place," she said. "The worst has already happened to Target."
For Target, it took nearly the full year, but last week the discount giant finally seemed to emerge beyond the long shadow of the data breach.
For the first time all year, it reported its stores had sales gains. Its stock price finally stayed above where it stood Dec. 18. And it said any other breach costs were "immaterial" to its financial health.
A new chief executive, Brian Cornell, heads the company. And in the past year, the company has redoubled its focus on a world of cyberthreats.
"They went out and really beefed up their leadership in security, in IT, and I think that was also going to benefit their online division," McComb said.
But McComb said some of Target's old swagger vanished alongside the 40 million credit card numbers, coupled with its struggles in Canada. It's been a long and unsettled year at its Minneapolis headquarters.
Until last year, McComb said, "I think Target viewed themselves as being kind of invincible in a lot of ways."
©2014 the Pioneer Press (St. Paul, Minn.)
NEW ON THE PODCAST