When does someone get held accountable for this?

MINNEAPOLIS – Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.

The chain said that customers who made purchases using their cards at its U.S. stores between Nov. 27 and Dec. 15 may have been exposed.

It appears that this "breach" came from rogue code that got loaded into the swipe terminals at the checkout lanes nationwide according to some reports in the media.

I have held a merchant account (to take credit cards) in one form or another for a very long time, going back to the 1980s when most merchants (including myself) transacted using paper impressions of credit cards.  It has always, at least in theory and contract, been the merchant's responsibility to protect against this sort of thing and the merchant agreements contain enormous fines for breaches.

Well?

I've never seen a major merchant either significantly fined by the card networks or had their merchant account revoked over something like this, but it does happen with smaller merchants all the time.

It should -- but it should on a non-discriminatory basis.

No, offering "credit monitoring" is not enough when this happens.  The simple fact of the matter is that strict liability is the appropriate standard; if you want my financial data, including the ability to bang my bank account (in a world of debit cards) you had damned well better be fully financially responsible for every cost I incur when you blow it.

Period.