Target said Monday it is investing US$5 million in a multi-year campaign to educate the public on the dangers of scams, after the company disclosed that up to 110 million people may have been affected by a data breach at the retailer's U.S. stores.
The company, under pressure from various quarters including some state attorneys general, has also unveiled the details of a free credit monitoring and identity theft protection for one year for all Target customers who have shopped in its U.S. stores.
Target is facing a public-relations crisis and the proposed investment in cybersecurity education is likely designed to mute criticism.
+ ALSO ON NETWORK WORLD The worst data breaches of 2013 +
It said it had hired Experian to provide its ProtectMyID credit monitoring and identity theft protection product. Customers have to sign up to receive an activation code for the facility at creditmonitoring.target.com. by April 23 and redeem the codes by April 30.
Target said it is working with the National Cyber-Forensics & Training Alliance, National Cyber Security Alliance and Council of Better Business Bureaus to advance public education around cybersecurity.
"A group of nationally recognized, respected cybersecurity organizations in cybersecurity and consumer protection will launch a campaign to educate consumers about cybersecurity and the dangers of phishing scams," Target said in a statement.
Target said last month that data from about 40 million credit and debit cards may have been stolen at its stores between Nov. 27 and Dec. 15. The company said Friday that the damage could have been far more with information including names, mailing addresses, phone numbers or email addresses of an additional 70 million individuals also likely to have been compromised.
The company's CEO Gregg Steinhafel said in a TV interview that the company does not know the full extent of what transpired, though it has established that malware was installed on its point-of-sale registers.
Target has said its customers will have zero liability for any fraudulent charges arising from the breach. The cybersecurity education group will convene for the first time this week in Washington D.C.