US retailer Target has revealed it is planning "significant changes" following a data breach that resulted in hackers stealing details concerning at least 70 million customers in the run-up to Christmas 2013.
Initial figures suggested a toll of 40 million Target customers, but a month on from the cyber breach being discovered, it was revealed the number of affected individuals was in fact almost double initial estimates.
An investigation by Target found information around names, mailing addresses, telephone numbers and email addresses had been stolen by hackers. Malware stored on Target's point of sale (PoS) registers is thought to have allowed hackers to open the breach and make off with data about millions of customers.
Target CEO Gregg Steinhafe has since insisted the chain is safe to shop at and that in addition to the ongoing investigation into the hack, the company is looking into how it can prevent a similar incident in future.
"We are in the middle of a criminal investigation as you can appreciate and we can only share so much. We are not going to rest until we understand what happened and how that happened," Steinhafe told CNBC television.
"Clearly we are accountable and we are responsible - but we are going to come out at the end of this a better company and we are going to make significant changes," he added.
It's thought that Target isn't the only major retailer to have fallen victim to cyber criminals around that time. However, security experts close to the matter haven't yet disclosed the identity of these firms.
According to Chris Wysopal, co-founder and CTO of risk management solutions provider Veracode, a phishing scam is the most likely method in which hackers breached Target's databases.
"This was obviously a very sophisticated attack given the timing, which is perfect for collecting the most amount of card data in a short period of time," he said.
"The malware was likely customised for the type of PoS terminals Target uses. We don't know yet how the malware got on the terminals. At least part of Target's network must be compromised," he continued.
Wysopal added that while wireless networks have been at the heart of other data breaches, such as at discount fashion retailer TJX, this probably wasn't the case with Target.
"For the TJX attack the attackers got in through insecure wireless networks. That's not likely how they did it here. More likely it was a phishing attack or they got in through an insecure web application," he said.
[Please go to page 2]