Target Corp said data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday season, beginning the day before Thanksgiving and ending Dec. 15.
Officials said the company's online customers are unaffected. The type of data stolen — also known as "track data" — allows thieves to make counterfeit cards by copying stolen credit card information onto another card with a magnetic stripe.
The company has hired a third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures that could be taken to prevent incidents of this kind in the future. Target Corp. said in a release that it is putting its full resources behind these investigative efforts.
Paul Hartwick, spokesman for Chase Bank, one of the largest U.S. credit card issuers, helped break down what to do if your credit or debit card has been affected.
Q: How do I know if my credit card data was stolen?
A: Target officials said if you shopped at one of the stores between Nov. 27 and Dec. 15, 2013, you should check your account for unusual activity. This is not limited to Target-card holders. Anyone who used a credit card at the stores could be affected.
"The best way to figure out whether your account has been breached is keep an eye on your account. Look for transactions you don't recognize. The good news is that Chase and many other banking institutions will not hold you liable for these charges," said Hartwick.
Q: How is Target handling the security breach?
A: In an announcement posted to its website this morning, Target officials did not say when they first learned of the breach but it has been investigating. Target has alerted authorities and financial institutions and urged credit card users to work with the three credit reporting companies if fraudulent activity is suspected.
Q: Has the issue been resolved?
A: Target said in its announcement that the data issue is resolved.
Q: What should I do if my card has been breached?
A: The first step is to contact your banking institution. Often there will be a number on the back of your card, according to Hartwick. The important thing to remember, he said, is that you can continue to use your card normally. Target Corp. also suggested in a release to contact the Federal Trade Commission or law enforcement to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC's Web site, at www.consumer.gov/idtheft , or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Q: Is it possible to recover any money stolen from credit or debit accounts?
A: Chase Bank, in addition to many other U.S. banks, will not hold you liable for fraudulent charges as long as they are identified in a timely manner.
Q: What information do the data thieves have access to?
A: According to Target Corp., the information involved in this incident included customer name, credit or debit number, card's expiration date and security code.
Q: How did the Target security breach happen?
A: As of Thursday morning, officials have not said how the breach occurred or if they know who is responsible.
Q: Might such a large security breach become more common in the future?
A: Bad guys are always at work, and it's important that merchants as well as customers stay aware, Hartwick said.
Q: What are best practices a consumer can keep in mind to avoid this happening again?
A: A large amount of fraud is stopped before it starts, according to Hartwick. "Chase and other banks often monitor accounts for suspicious activity and stop fraud before you ever see it on your account," he said. It's still important, however, to check your bank account regularly and make sure there are no charges that you don't recognize. "The biggest and best thing customers can do is be aware, shop at reputable places such as Target, monitor your account information, be in contact with your card issuer and be aware."