Seems like Target etc were hacked over long periods of time. And they slowly leaked data and money.<p>When they find out about these attacks, they make it seem like one incident where 50,000 people were targeted.<p>Is this true? Or are these attacks usually incremental and the PR play is just to act like it is a one-shot?
Yes. Also, both.<p>An attack is just a special case of building a computer system. Planning, building, and testing often take a while. Execution can happen <i>very quickly indeed</i>. If you time the attack from "start of execution of final payload script" through "last byte of data transferred by payload script" then many commercially significant attacks were over in milliseconds.