The Target Credit Card Breach: What You Should Know

40 million shoppers could be at risk for credit and debit card fraud.

  • Share
  • Read Later
Reuters / Larry Downing

If you did some Christmas shopping at Target over the last few weeks, you’ll want to pay close attention to your credit card statements, as the retailer is dealing with a major data breach.

Target is just now confirming the security breach that resulted in compromised credit card information, but some of the details are still missing. Here’s what we know so far, and what Target shoppers should be aware of:

Who is affected?

Target says 40 million credit and debit cards may have been compromised. If you shopped at a U.S. Target store between November 27 and December 15, you should assume you’re at risk and keep a close watch on your account statements. It’s not clear whether every Target store was affected, but at least one card issuer says it’s seeing signs of fraud all over the United States, according to Krebs on Security. You’re not in any danger if you shopped at Target’s website, or one of the company’s Canada stores.

What information was taken?

Target says the attackers gained access to customer names, credit card or debit card numbers, card expiration dates and CVV security codes. Krebs on Security and the Wall Street Journal report that the thieves accessed data from the magnetic stripes stored on the back of credit and debit cards.

What’s the risk for Target shoppers?

The attackers could use magnetic stripe data to create counterfeit payment cards. The Wall Street Journal notes that crime rings often use these counterfeits to purchase gift cards at major retailers, and then convert them back to cash. The attackers could also withdraw cash from ATMs if they managed to steal PIN data from debit transactions, Krebs on Security notes.

What the heck? How did this happen?

Security breaches often involve hacking into a company’s servers and making off with the data, but the Target breach appears to be different. According to the Wall Street Journal, this theft “may have involved tampering with the machines customers use to swipe their cards when making purchases.” How the thieves were able to compromise payment terminals on such a large scale is unclear.

What should Target shoppers do now?

Target recommends keeping an eye on your credit or debit card statements and calling your bank or card provider if you see any fraudulent activity. As a general rule, you should get a copy of your credit report periodically by visiting AnnualCreditReport.com or calling (877) 322-8228. You can also set up a fraud alert through the three nationwide credit reporting agencies, Equifax, Experian and Transunion.

The problem, as one Krebs on Security commenter points out, is that automatic fraud detection could fail if the thieves are able to localize the stolen card details and make purchases near where cardholders live. The only guaranteed way to avoid fraud is to cancel your card and get a new card number, but that might not be necessary if you keep a close watch on your statements.

What is Target doing about the breach?

The retailer says it has “moved swiftly to address this issue so guests can shop with confidence,” and has also hired a third party forensics firm to investigate. The Secret Service is also investigating, as it often does for large-scale credit card data hacking.

How common is this sort of thing?

Too common, unfortunately. A 2007 security breach at T.J. Maxx resulted in the theft of card numbers and personal data for roughly 90 million customers. Worth noting in that case is that the original estimate was just 45.7 million affected customers — still enough to be the largest payment card security breach ever at the time. Federal prosecutors are also still investigating a group of security breaches that resulted in more than 160 million stolen credit and debit card numbers, from companies including J.C. Penney, 7-Eleven and JetBlue. A breach of Heartland Payment Systems in 2009 resulted in stolen data on more than 130 million cards.

32 comments
MESPARZA
MESPARZA

my credit card just got compromised and due to target .I saw weird and large amounts of cash transfers to western union from my bank when scrolling through my phone. I was lucky My bank took action and my money was recovered. I CAN'T SHOP TARGET ANYMORE its a shame but who can assure me this wont happen to me again. I keep hearing the corporate mention that they hired third part staff to take action for preventing these issues in the future Its all bull crap  I just learned of two patients that recently got hacked. I WANT NOTHING TO DO WITH TARGET

mikeh4556
mikeh4556

I just got my statement $5800. charged in Amsterdam 6000 miles away canceled my card and they said the charges would be taken off. I think the charges are just starting surface for millions of people.

simplydrena
simplydrena

Due to this target scam, (Rushcard the worst company ever) sent out replacement cards due to this target ordeal and they dont inform you and then they block your card until you get a new one which leaves you without your money until you renew your card which can take weeks! Many people are left broke and without paychecks because they rely on this card which they are unable to use now!

MelissaLemoine
MelissaLemoine

TODAY "I" was notified by my bank that my debit/charge card was one of many that had been compromised due to "TARGET."   Thanks a lot, now I have to travel 45 minutes away to sign documents , then go back another day to pick up a new card. So that means 2 days off of work due to Targets inability to protect their customers . Not only 2 days of being off of work with NO PAY but 2 wasted days traveling and more EXPENSES,GAS IS NOT CHEAP .I am a single mother who needs that work trying to raise my daughter, I cannot even afford to take off to spend quality time with my daughter (father passed away) much less for something

like this that should have never happened. So as of now, my card has been canceled until I go to bank to apply for another one then return to pick  it up at a later date.

JonieB-WI
JonieB-WI

So today I discovered my card was compromised. A charge for 190.79 went through for SEARS.COM, and a pending charge sits for 262.00 for MEMORYDEPOT.COM. The bank told me that there were still another 4- "PREAUTHORIZED" purchases coming through the system, and that they could not stop them. So I get to first- cancel the card and use my checkbook now (where checks are not accepted all over the place anymore!!), wait 7-11 days for a new card to arrive, and complete a fraud dispute for each charge coming through which is not reviewed or handled for 24-48 hours once received. I am completely inconvenienced by this failure on Target's behalf, and all they are providing is apologies, free credit reports, and sad faces?


In addition, my rent check bounces, the landlord has to wait on their money, and I need to go grocery shopping. On top of it I am a single mother that is not rich!!! 


Target needs to do something more than offer free credit reporting services!!!!

ginazic
ginazic

My card was compromised, and my credit card was cancelled, but its a debit card where my child support is funded to, and hey target doesn't even give anything to me or people this happened to say hey we are sorry for this so whyyy? should I return to this store??I say GOODBYE TARGET , HELLO WALMART AND KMART!!

DanP
DanP

So Target is still not bellying up and actual telling what really happened. I love how the experts say check your credit charges... for how long? Who said your hacked info will be used soon...... could be months later. Better to  just cancel your effected cards and not get another one from Target. Funny, of what I read, we all will be paying more for Target's blunder in more fees from the credit card companies. And what is not  being told.... this has happened other places also, but the Target news has drowned out the other breaches!

sltahoe88
sltahoe88

It's about time the good old USA gets with the program and spends the money to make our debit/credit cards safe as has the rest of the world. Quit saying it's too expensive to fix which is the same excuse Ford used when told about the position of the fuel tank on the Pinto. They figured it was cheaper to pay law suites than spend money to fix the problem.

PaDelta
PaDelta

Are the savings worth it when the Banks use outsourced customer service companies that have access to all the data and operate from nations that have no security regulations?

If the breach is from any of those outsourced companies the Bank is quick to refund, never files charges and passes it off as a loss amongst all the other card holders to avoid further investigations.

Grin
Grin

If only the security vulnerabilities of electronic 'voting' systems would get as much notice   ...

ginger
ginger

How fitting that Target, a company who previously was a favorite of mine became one I recently had to report to the Consumers Financial Protection Bureau for their greedy tactic of charging a late fee when the bill is paid by phone on the due date. At 2:20 pm I called in to make the payment due, only to be told that their billing department is 3 hours ahead so the payment is late as it was made at 5:20 pm...their time. Whatever the due date is, that means due by 11:59 pm anyway...certainly not based on their location time, but rather than the customer's location time. 


How is a customer supposed to know where a company's billing department is located? It could even be in China or the Phillippines!!! After trying to reason with the rep, as well as the management about it, and being told, "Sorry, we still have to charge a late fee," I was furious and decided to report them. Most companies even allow a 24-hour grace period for that reason. If Target is treating their employees as badly as they are treating their customers, perhaps it was an angry employee who pulled these security breaches. Wonder how many $millions their CEO is making while Target is paying minimum wages to its employees and making millions on unjustifiable late fees.

jonog
jonog

Happened to me. I had to cancel cards and reorder new.

Halegrafx
Halegrafx

For redcard Debit users, one option may be to go back to target and attempt to make a small purchase. Bring your red card and some cash if you would actually like to make the purchase. When you checkout swipe your redcard and intentionally enter the wrong pin a few times. I did this in the past thinking my pin was that of another card. This disabled my redcard until I was able to call customer service and verify my info. You can then either complete the purchase with another payment method such as the cash or decline the purchase and leave. Once customer service is reachable, cancel the disabled card.

SandyDonald
SandyDonald

If some loser steals my card, Target is responsible for any charges.  I sure as hell am not.  I've been calling for 2 days, trying to cancel the card.  All I have ever gotten is a busy signal.  I'm not shopping there again until this is all sorted out and I have a new card.

DaynaJohnson
DaynaJohnson

Cancel the card?? Can't even do THAT! 

There are two phone #'s for Target; both of them are on fast busy signal all day.

 Went to Target; no help there... just "call the two phone numbers".

 Ya, right... those of us who used Target Redcards are up the creek with no paddle until we get our next statement.

cd47
cd47

Make every card transaction go through a unique security code that the owner will punch in after it is swiped to validate the transaction. This will be known only to the card owner so that the rest of the data on the card will be unusable to the thief. 

Riizzoe
Riizzoe

 Can we bill Target the time it takes me to get a new credit card or the time it takes me to correct a fraudulent charge? Think it is about time to make a company pay for their own security breaches. 




Riizzoe
Riizzoe

Can we bill Target the time it takes me to get a new credit card or the time it takes me to correct a fraudulent charge? Think it is about time to make a company pay for their own security breaches. 

TimLiao
TimLiao

What bothers me is Target doesn't require ID to use RedCard; so someone can charge up thousands and thousands of dollars on a stolen credit card. 

StinkaMN
StinkaMN

I work for a small internet retailer, and when we try to encourage cardholders to file a police report, they are either disinterested, or the police tell them there is nothing they can do about the fraud. Even when we provide information as to where the fraudulently obtained merchandise was shipped. Law enforcement cannot handle this issue, the horse has left the barn. The banks don't seem to care because either they chargeback the merchant, or get the money from the cardholders.  No skin off of their noses.


There needs to be a federal law that mandates card issuers to set up a system in which a PIN used specially for non-card present environments. It's separate from the ATM PIN, but what it would denote to the online merchant accepting the credit card number and CVV that it is the real cardholder attempting a transaction.

sweetpea1
sweetpea1

Target is full of [fill in the blank] - the breach started long before Nov 27.  I have had to cancel 2 cards (different issuing banks) in the last 2 weeks because of fraud.  They were cloned and swiped - one used in Milwaukee, the other in Louisiana.  I've never been to either of those states.  I thought it was incredibly strange that this exact same thing would happen to me twice in 2 weeks on separate cards - what are the chances - so I checked my two statements against each other and the only place I used both cards was Target.  But, the latest I used those cards at Target was November 9!  I haven't used either card in the US since November 11, as I've been out of the country!  I'm furious that this happened to me and that it's inconvenienced me so much (plus I'm out of pocket because I have to pay international Fedex charges to get one of the new cards).  But I'm even more furious that Target is lying to the public by saying the breach started Nov 27.  If you've used a card at Target any time in November, watch out!  Might as well cancel it now!

Alyeskan
Alyeskan

The statement on the Target website clearly says the dates of the breech are Nov 27 to Dec 15. Your article says Nov 17, not Nov 27?

Which is it?

LadyBug714
LadyBug714

@ginger I also had late payments charged to me when I paid the day of, sneaky sneaky

Deedur
Deedur

@DaynaJohnsonYou can see your statement and current transactions online at the manage your redcard tab on the target website.

ZRod
ZRod

@cd47 They have similar for online that gives a random security number for online transactions in Europe.  They are way ahead of America for payment security.  Chip and pin is an example.

abcgirl
abcgirl

@StinkaMN In Canada, most retailers require you to provide the PIN number that accompanies the card when you make a purchase at the register.  I was surprised when I moved to Boston and they weren't  requiring me to do it. But, I am sure thieves can get that information on line  just as easily as they get the CSC number  from the back of your credit card.  I just had my card compromised.  Someone purchased a MAC computer from Bestbuy.  I informed Bestbuy immediately and they stopped the order.  If you leave it to the banks, they will let them know eventually, but most likely after it's been shipped.  We should try and stop these purchases ourselves because fraud and shoplifting is what drives prices up.  And it's the customers  who ultimately suffer.

melbenz83
melbenz83

@sweetpea1I agree. I think they did a "test run" first to see if they could get away with it before black friday weekend.  This way they knew it would work.  Months ago my mom had two strange charges for several hundred dollars (I think it totaled around $800) on her mastercard.  The charges were made at Target stores (and not the one she goes to).  Her mastercard never even alerted her--she found out when the bill came in (doesn't do online banking/bill payments) and had to go above and beyond to prove she didn't make the purchases.  And there was NO WAY it was her using the card because it was my wedding day and she was with me the whole day/night and we never stepped foot in a Target let alone the ones the charges were made at.  Anyway, my point is, she only has that one major credit card and shops at Target semi regularly (maybe every other month at least) so I bet this was done to her card and others like your prior to the big "breach" so the thieves could start small and then go big.

CrystalPorter
CrystalPorter

@Alyeskan I noticed this as well... I'm going to go with Target's statement considering they are the actual owner of the issue and this article is just offering up information from other sources.

KimF
KimF

@abcgirlYes it is a good practice to contact the merchants directly to cancel the order. If you notice a fraudulent charge you should let the company know asap. When you tell your bank it takes weeks for them to process the chargeback and send that info to the company.  And at that point the fraudster would already be enjoying the goods purchased with your money!

jsherman316
jsherman316

@newmanjb @CrystalPorter @Alyeskan Jared like i said on my reply i'm sure  target new a lot sooner than what they are reporting.If they announced it right away there season would have been a wash.How much more of a hit do you think they would have taken if we the customer knew that day or the day after.