the clear, which would be a mistake. i believe target should audit their systems, look at web applications, train their people against social engineering attacks. imagine how easy it is for a hacker to break into target or any company s network. they could send a trap or document or pdf file. once the employee is tricked, it gives the hacker control over the computer. it s really that easy. the hacker only has to find one victim at a company to compromise to get their foot in the door of that company s network. you know, what you mentioned reminded me about companies, retailers saying do you want a printed receipt or e-mailed receipt? it makes me leary to give out my e-mail address to get information from a retailer.