Target Data Breach Touches 40 Million In-Store Shoppers

If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity.  Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes  (CVVs) often imprinted on the backs of cards.

The type of data stolen would allow thieves to create counterfeit credit cards and, if pin numbers were intercepted, would also allow thieves to withdraw cash from ATM machines.  Only in store purchases are at risk, so online shoppers need not worry.

Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation.  Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.

This breach is one of the largest ever of American consumer data, nearly matching that of TJX (TJ Maxx and Marshalls stores), which experienced a data breach in 2007 that affected more than 45 million customers.  2013 has been a particularly bad year for breaches overall.  Overall, one in four Americans have been told that some personally identifiable information has been lost or compromised because of data breaches, according to a recent report from Experian, and the pace of attacks is expected to continue rising through 2014.

In a letter sent to Target customers, Target officials say those who have noticed irregular activity on their accounts should call the firm at 866-852-8680.  In addition, all Target shoppers should:

  1. Review their credit card activity online on a daily basis to monitor for suspicious activity.
  2. Set up automatic account alerts with your credit card provider to quickly detect any misuse of cards.
  3. Visit AnnualCreditReport.com to see if there are any newly established, fraudulent accounts set up.
  4. Cancel your credit card if they notice any suspicious behavior. If it’s a debit card, I would cancel it no matter what given that it connects directly to your bank account. Make sure to transfer balances, miles and to switch any auto-pay accounts to the new card.
  5. Freeze your credit with the 3 credit scoring bureaus.
  6. Consider ID Theft monitoring services to help you keep track of abusive behavior of your information online.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

 

Posted by Identity Theft Speaker John Sileo in Fraud Detection & Prevention, Identity Theft Prevention, Sileo In the News and tagged , , , , , , , , , .

1 Trackbacks/Pingbacks

  1. Pingback: Data Breaches: Will You Stop Using Plastic? | Identity Theft Wall on March 11, 2014

4 Responses to Target Data Breach Touches 40 Million In-Store Shoppers

  1. Kaycee Farrell: January 11, 2014 at 5:28 am

    And what now, John? Any update to this now that the leak may have involved beyond 100m cards?

  2. John Sileo, Identity Theft Speaker: January 13, 2014 at 3:16 am

    Kaycee, Great to hear from you! Now that they have fessed up to how many identities were actually lost (maybe not for the last time), the advice is still the same: if you have shopped at Target in the past several months (in person or on line), cancel your credit or debit card and ask for another. I would also recommend freezing your credit, which you can learn more about at http://www.sileo.com/2. Thanks for asking!

  3. Kaycee: January 13, 2014 at 6:45 am

    Okay. Thanks for the update, John! And if we have family who were advised by their bank not to worry, originally . . . They are “on it”, would you recommend they ask these cards still be cancelled as a precaution?

    Also, what is the best way you recommend our referring people to you or sharing your blog/website/newsletters with family & friends? Send your newsletter or website link directly? Share your FB page?

  4. John Sileo, Identity Theft Speaker: January 13, 2014 at 3:42 pm

    Kaycee, NO MATTER WHAT THEY HAVE ADVISED, CANCEL THE CARD. They just don’t want to spend the few dollars to send out a new card to each customer, but it will save you a lot of time and money knowing that your number won’t be abused. In terms of referring people to my materials, you can send them to the RSS feed (http://www.sileo.com/blog/), have them sign up for my newsletter (http://www.sileo.com/newsletter/), Like our Facebook page (https://www.facebook.com/JohnDSileo), or follow our tweets (twitter.com/john_sileo). Do you remember when we used to communicate by talking directly to people? Now we have so many options!

Leave a Reply