p18hqdfiklulcoqkscr1j74r566.jpg
The recent Target breach has loomed large among the media, cardholders, bankers, retailers and lawmakers. But it's not the largest card-related data breach, nor even the latest - it's only one link in a large chain of security lapses over the past decade. Following is a look at some of the most memorable events. (Image: Thinkstock)
p18geo6amq1j9k8hp14p41arh18aq4.jpg

Barclays - February 2014

London-based Barclays, the U.K.'s second-largest bank by assets, spoke in early February with regulators, customers and British authorities about a possible criminal leak of client account information. The bank said the leak may date from 2008 or earlier and is linked to a financial-planning unit that was shut in 2011. As many as 27,000 customer files containing personal and financial information were taken and sold to brokers to be used for investment scams, newspaper reports suggest. The information is said to include details of income, savings, mortgages, health issues, insurance policies and passport and national insurance numbers.
p18geo6amq1eq174g1tlefmcpo7b.jpg

T.J. Maxx - December 2006

Retailer T.J. Maxx said computer hackers stole data from at least 46 million credit and debit cards over 18 months beginning in July 2005. Also stolen during the period were drivers' license numbers and other personal data for 455,000 consumers.
p18geo6amq1e5r1va2i6h1j491t5b6.jpg

Heartland Payment Systems - December 2007

The large credit and debit card payment processing company suffered a breach that led to the theft of 130 million credit and debit card numbers. Heartland passed a security audit the following April in which it was deemed compliant with Payment Card Industry Data Security Standards. The breach was discovered several months later. This remains the largest-ever data-breach case in the U.S.
p18geo6amqeapn0u107a1jo41r6j7.jpg

JPMorgan Chase - December 2013

JPMorgan Chase warned 465,000 holders of prepaid cash cards last December that their personal information may have been accessed by hackers who attacked the bank's network earlier in the year. The cards were issued on behalf of government and corporate card clients and used for things like tax refunds and unemployment benefits. The breach affected the online portal used by customers, www.ucard.chase, between July and September of last year. An unknown number of hackers were able to access customers' prepaid card data.
p18geo6amq18621n9vhi61e84td9a.jpg

Target - December 2013

Point-of-sale malware called BlackPOS was used to infiltrate Target's network and skim card "track" data (cardholder names, account numbers, expiration dates) from 40 million debit, credit, prepaid and proprietary Target decoupled debit cards used in stores by shoppers between Nov. 27 and Dec. 15. The malware was designed to intercept card data immediately after a card was swiped and park it in the terminal's flash memory before the data was encrypted and forwarded for authorization. The malware then skimmed the contents of the card terminals' memory.

Target has said that 70 million records of consumer email addresses and phone numbers were also stolen. (Image: Bloomberg News)

p18geo6amq1bdh6tq1jms1svlplm9.jpg

Neiman Marcus - January 2014

On January 1st, the retailer says a forensics firm discovered evidence that malware scraped credit card data from its network between July 16 and October 30, 2013. During that time, information from about approximately 1.1 million payment cards may have been visible to hackers.
p18geo6amqss5om6154trqfv368.jpg

Michaels - January 2014

At the end of January, craft store chain Michaels said it was investigating a possible data security attack, CEO Chuck Rubin said in a letter to customers. Michaels did not disclose the scope of the potential breach. It has about 1,100 stores in the U.S. and Canada. Michaels also suffered a data breach three years ago that targeted its point of sale terminals.
MORE FROM AMERICAN BANKER