Though it's implicit in the article, it's not explicit in either the article or the summaries that this involved in-store transactions only. It didn't affect web transactions, though I'm not sure there's great long term reassurance in that.

"We regret any inconvenience this may cause," said Mr Steinhafel.

A decent thing to say, of course... but it's a major understatement as well. Cumulatively this kind of inconvenience, at various levels, is beginning to make life a lot more complicated.

For some of the particulars about the developing fallout in the Target story, here's a report on the Krebson Security blog, which originally broke the story about the security breach...

Cards Stolen in Target Breach Flood Underground Markets
Dec 20, 2013
[krebsonsecurity.com...]

Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned.

Turns out that it was 70 million [bbc.co.uk...]

My son's debit card was one of 'em. No fraud detected but the bank sent a new one anyway.

I don't know what was more surprising, Target getting hacked, or them having 70 million customers. ;)

Thought I'd kick this up with the latest from KrebsOnSecurity, who has continued to follow the story....

Email Attack on Vendor Set Up Breach at Target
Feb 12, 2014
[krebsonsecurity.com...]

The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.

Both the article and the comments after are fascinating. Lest you laugh your head off at the end of the fifth paragraph and think that explains it all, the front line email defense mentioned is only part of the story.