When it comes to a security breach having to do with confidential customer data, time is literally money. So you can imagine that when news leaked that the Target breach that occurred over the holiday season lasted longer than the company originally led on, the customers affected demanded more than just answers.

A recent Wall Street Journal report referenced the testimony that was submitted to the Senate Judiciary Committee, in which Target Chief Financial Officer John Mulligan said the company has learned software on another 25 checkout machines continued to steal payment card data three days after Dec. 15, the date the discounter had said the malware was removed from its system.

You may be asking yourself how the retail giant could continue to let the breach persist after learning how many of its loyal customers the initial data violation affected. Apparently, those 25 registers remained infected due to being temporarily off line when Target first removed the malware. As of now, Target is estimating that around 150 additional credit and debit cards were breached in the three subsequent days, adding to the original 40 million customers that data was stolen between Nov. 27 to Dec. 15.

To add more insult to injury, reports suggest that the malware appeared to have features that were custom-built. Target’s system was breached when the hackers used stolen vendor credentials to slip the malware inside, according to the company.

In terms of damage control at this point, Target claims it is spending $100 million to upgrade its payment system to cards based on computer chips by early 2015, six months sooner than previously planned. The new cards are used in Europe and Canada and replace the magnetic-strip standard used on the majority of credit cards, which makes the cards harder to counterfeit to cut down on fraud.

According to the Wall Street Journal, Target pioneered a test of the chip-based payment card in 2001, but killed the test less than three years later after rolling it out nationwide because the cards slowed checkout times and other retailers weren’t going along, leaving Target at a disadvantage.


For related news on security and data breaches in the industry, read these recent reports:


Target continues to mitigate massive data breach, faces countless lawsuits and litigation claims

ChewBacca malware targets smaller retailers in 11 countries

IT can decrease security risk through ISO 27000 and PCI

Technology: 5 (relatively) easy ways to improve your privacy practices in 2014