Target "acquires data"
It was our priority to inform as many guests as quickly as possible. Relevant emails were pulled from a variety of sources.
It looks like Target is mailing data that was never given to them in an effort to “inform” customers of the data breach.
There are lots of problems with how Target is managing this email campaign. The first is in delivery. They’re hitting thousands of traps on one small part of dedicated traps at Spamhaus. They’re also blocked at Spamcop and have hit over 70 traps in the last 24 hours. Senderscore shows the IP has almost 100 trap hits as well, and a high unknown user rate.
On top of that, when we called the number Target gave us in the email, the phone rep told us that the address the mail was sent to was not in the Target database. Thus, she concluded, that the mail was actually a phishing email. Now, I don’t believe it was a phish, I think it was legitimate. But you can’t have your front line folks answering the phone telling people the mail you sent out was phishing.
There are a number of other problems with this mailing, that we’re still cataloging and will report on next week.
Overall, though, the email handling of this notification was a total failure on Target’s part.