The discovery during the height of the Christmas shopping season that the debit and credit card numbers of 40 million Target customers had been stolen was extremely unsettling to anyone who believed brick and mortar stores offer a higher layer of protection from cybercrime than Internet sellers.

However, this brazen attack may not be a one-time success during a busy holiday season; experts warn it could be the tip of the iceberg.

The issue has caused such concern Congress held several hearings on the matter during the past weeks. “The unfortunate reality is that (Target) suffered a breach, and all businesses – and their customers – are facing increasingly sophisticated threats from cybercriminals,” John J. Mulligan, Target’s chief financial officer told lawmakers.

In addition to the 40 million debit and credit card numbers stolen from Target customers, the company said thieves also were able to obtain other personal information, such as names, home addresses and telephone numbers, from an additional 70 million customers. Michael’s, a crafts store, also was hacked in December and department store Neiman Marcus had been successfully hacked for several months before store officials in January realized it was happening.

According to a study by the Poneman Institute, a Michigan-based research center that focuses on data protection and information security policy, cybercrime cost U.S. businesses $11.5 million in 2012, a 26 percent increase from the previous year. From all indications, the 2013 losses will be higher.

Credit card companies may offer protections for consumers whose information has fallen into the wrong hands, but for some, it may take years before they are able to clean up the financial mess left behind. And even when people do escape unscathed from having their information stolen, their confidence is shaken.

Security experts say several changes should be adopted by both retailers and credit and debit card issuers. A recent report by Verizon Business Solutions said only 11 percent of businesses have adopted industry-standard security measures. Certainly that would be a place to start. Other security experts say changes need to be made to credit and debit cards like those issued in Europe. These cards contain a chip with information that connects in a more-secure way than the cards with strips. Most issuers are pushing for an October 2015 adoption of this new card, but security experts say it needs to happen faster.

Credit cards always have been popular with consumers. And with the growing number of people using direct deposit of paychecks, debit card usage is growing every year.

Unfortunately, in this age nothing will ever be totally safe from hackers. Consumers have the right to feel confident everything is being done to protect their personal information. Businesses should strive to make sure it is the hackers who are playing catch-up and not the other way around.