Expect more, pay less has brought new meaning to the Christmas shopping rush as Target confirmed early Thursday that information from nearly 40 million of its customer credit and debit cards may have been compromised by a data breach during the height of the holiday shopping season.
Occurring at nearly all of their stores nationwide, the data breach occurred between November 27 and December 15, 2013. Target said it immediately contacted authorities and financial institutions once it became aware of the security breach.
“Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” stated Gregg Steinhafel, chairman, president and chief executive officer, in a prepared statement early Thursday. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue. The Minneapolis based-company also reported that they were teaming with a third-party forensics firm to investigate the breach.
Security news writer Brian Krebs – who broke the story for KrebsOnSecurity.com on Wednesday – said the data breach could not have come at a worse time for shoppers and Target.
“I can’t think of another day in the calendar when target or anyone else could expect to have more people in stores. More deals, traffic, more swipes — perfect day to launch an attack,” Krebs told ABC News.
The breach is believed to have affected nearly 40,000 card machines at nearly 1,797 Target stores nationwide. While millions of cardholder accounts are potentially vulnerable, online purchases have not been affected.
“The information that’s stored on the magnetic strip — name, card number, expiration date, other info — if bad guys can steal that card … they can actually create a second copy,” Krebs said. “If thieves can create a second copy and were able to intercept a PIN number, that could allow them to withdraw money from ATMs.”
Customers who may have been affected should pay close attention to their credit card and debit statements, said Krebs.
“Advice to customers — be vigilant, pay attention to your statement if something doesn’t look right,” Krebs cautioned. “Whether or not you feel like you might be impacted by this breach, it’s a really good idea, particularly around this time of year, to pay attention to what’s on your debit and credit card statements.”
While consumers will be reimbursed for any fraudulent charges, the refund might not come until after Christmas, creating another headache for shoppers who are operating on limited funds.
For more information, please visit Target’s corporate website. Consumers who suspect unauthorized or fraudulent activity may contact Target at 866-852-8680.
*********
Bill Lewis is principal of William E. Lewis Jr. & Associates, a solutions based professional consulting specializing in the discriminating individual, business or governmental entity.
For daily updates on The Credit Report with Bill Lewis, you can join Bill’s 15,500 plus fans on Facebook at: http://www.facebook.com/thecreditreportwithbilllewis.
William E. Lewis Jr. - Bill Lewis - Vero Beach, Florida 