Millions of Target customers had their debit and credit card information stolen during a security breach, as was first reported on Wednesday.
Security blogger Brian Krebs first reported that “sources at two different top 10 credit card issuers” said the breach extended to “nearly all Target locations nationwide.”
This morning, Target confirmed the security breach in a statement, that concluded approximately 40 million credit and debit card accounts may have been breached between Nov. 27 and Dec. 15, 2013.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
It’s unclear if the breach impacted online shoppers during the timeframe.
The New York Times reports that point-of-sales systems were targeted in the retail stores. If breached, cybercriminals can create counterfeit cards. Should a card holder’s PIN information be stolen, it’s possible for thieves to withdraw money from the customer’s account using an ATM.
[Update: 12:17 p.m.] In response to confirmed reports that millions of Target customers were impacted by the security breach, Attorney General Martha Coakley has provided consumers with a list of tips on how to protect their information against identity theft:
1. Immediately review and monitor your credit and debit card information. The breach appears to have been isolated to credit or debit card purchases at Target’s retail stores. If you shopped at a Target Store using your credit or debit card between Nov. 27 and Dec.15, carefully review and monitor your credit card or other financial accounts for the next 12 to 24 months for any unauthorized activity and monitor your credit reports. If you notice any irregular activity or charges, report them to the issuer of your credit card immediately.
2. Order a copy of your credit report, and look for unauthorized activity. Look carefully for unexplained activity on your credit report. You are entitled to one free credit report per year.
3. Call one of the three major credit bureaus and place a one-call fraud alert on your credit report:
- Equifax: Call (800) 525-6285, and write: P.O. Box 740241, Atlanta, GA 30374-0241.
- Experian: Call (888) 397-3742, and write: P.O. Box 9532, Allen, TX 75013.
- TransUnion: Call (800) 680-7289, and write: Fraud Victim Assistance Division, P.O. Box 6790 Fullerton, CA 92834-6790.
You only need to call one of the three credit bureaus; the one you contact is required by law to contact the other two credit bureaus. This one-call fraud alert will remain in your credit file for at least 90 days. The fraud alert requires creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. When you place a fraud alert on your credit report, all three credit bureaus are required to send you a credit report free of charge.
4. If there is unexplained activity on your credit report, you may want to place an extended fraud alert on your credit report. If after reviewing your credit report you believe there is unexplained activity, you may want to place an extended fraud alert on your credit report. In order to do this, you need to file a police report with your local police department, keep a copy for yourself, and provide a copy to one of the three major credit bureaus. Then an extended fraud alert can be placed on your credit file for a 7-year period. This will mean that any time a user of your credit report (for instance, a credit card company or lender) checks your credit report, it will be notified that you do not authorize any new credit cards, any increase in credit limits, the issuance of a new card on an existing account, or other increases in credit, unless the user takes extra precautions to ensure that it is giving the additional credit to you (and not to an identity thief).
5. Contact the fraud departments of your credit card issuers or bank. You may want to contact the fraud department of the credit card company or bank that you used when you made purchases at the Target stores. These financial institutions can monitor your account for suspicious activity. You may also wish to request a new account number; you can discuss this option with your credit card company or bank.
6. If you are a victim of fraud or identity theft. There are many steps you will need to take to protect your identity. Please see Attorney General Martha Coakley’s Guide on Identity Theft for Victims and Consumers, at http://www.mass.gov/ago/docs/
