In terms of the impact on Target customers, experts were more concerned with the type of data described in the retailer's latest update than in the original disclosure about card numbers.
That's because the issuer usually absorbs the fraudulent charges on debit and credit cards. The other information stolen could help criminals build profiles on individuals, who can then be impersonated while applying for loans or filing a bogus tax return for a refund.
"If you find out that the (Internal Revenue Service) has given a refund to someone else in your name, you're looking at months of working with the IRS and waiting for them to work through the backlog of these cases," Neil Chase, spokesman for LifeLock, an identity theft protection company, said.
Target expects to suffer losses from the breach. In an updated forecast for the fourth quarter 2013, the company said financial results may include charges related to the hack, but was not yet able to estimate the cost. The charges could include reimbursement for card fraud and legal expenses resulting from lawsuits.
The company also reported "meaningfully weaker-than-expected sales" following the announcement of the breach, which occurred at the height of the holiday shopping season.
Sign up for Computerworld eNewsletters.