I was out of town for a month and missed the information about Target credit/debit card breach. I am sending this letter just in case you also missed this.
The following information appeared on the web:
NEW YORK (AP) - Target's pre-Christmas security breach was significantly more
extensive and affected millions more shoppers than the company reported last month.
The nation's second largest discounter said Friday that hackers stole personal
information - including names, phone numbers as well as email and mailing addresses - from as many as 70 million customers as part of a data breach it discovered in December.
Target Corp. disclosed last month that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15 - just as the holiday shopping season was getting into gear.
According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card related data for some 70 million shoppers who could have made purchases at Target stores outside the late Nov. to mid-Dec. timeframe. Some overlap exists between the two data sets, the company said Friday.
"I know that it is frustrating for our guests to learn that this information was
taken and we are truly sorry they are having to endure this," said Gregg
Steinhafel, Target chairman, president and CEO, in a statement.
After doing some research, I found that Target posted a question/answer form that I found helpful.
Questions:
Should I call Target to see if my credit or debit cards were affected?
You don't need to call us unless you believe there are suspicious charges to your
Target REDcard. Target already has fraud alerts in place and is actively monitoring REDcard accounts that may have been impacted.
The banks that issue non-Target credit and debit cards also have been notified and have similar processes in place. You too, should keep a close watch on your account by reviewing your credit or debit card statements.
You should call your card's issuing bank if you discover any suspicious, unusual or fraudulent activity.
Alex from CEO Computers informed me that she canceled the REDcard (a debit card) and was told to use a credit card for future purchases - but she will not be shopping at Target any time soon.
Will my card's financial institution be able to tell me if I was impacted?
Target has shared the information we have on impacted credit and debit card
information with the processors, who in turn, have shared with the issuing banks.
You should continue to closely monitor your credit or debit card account
information and immediately report any fraudulent or suspicious activity by calling
the number on the back of your card. One recommended safety precaution is to
change the PIN number on your debit card.
If you decide to change your PIN number on your Target REDcard debit card, go to Target.com/RCAM.
If I used my credit or debit card at Target.com or in Canada between Nov. 27 and
Dec. 15, should I be concerned?
No, this payment card issue impacted U.S. stores.
I heard that CVV information was impacted. Is the CVV code the same as the three-digit security code on the back of my card?
There are two types of CVV data: CVV, which is encoded on the magnetic stripe and CVV2, which is the three or four digit value that is printed on the back or front
of your card. We have determined that this breach impacted CVV information. At
this time, we have no indication that CVV2 data was compromised; and therefore, no indication that the three- and four-digit security codes are impacted.
Will I be held liable for fraudulent charges on my card?
Absolutely not. You have zero liability for the cost of any fraudulent charges as
the result of this breach.
What impact did the breach have on PIN numbers?
On Dec. 27, we were able to confirm, through additional forensic work, that
strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.
Why does Target think PIN data can't be compromised?
Due to how the encryption process works, Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target's systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the "key" necessary to decrypt that data has never existed within Target's system and could not have been taken during this incident.
Should I change my PIN?
We remain confident that PIN numbers are safe and secure. If you would prefer to update your PIN, you can manage your REDcard PIN by logging on to your Target REDcard account at Target.com/RCAM or contacting your bank.
How do I know that emails and information I receive are actually from Target?
We have posted copies of our email communication related to this breach incident to Target.com/databreach, so you can compare any emails you receive to official copies of the emails that Target has distributed.
I received a call, text or email from someone who said they were with Target asking for my social security number, credit card number, and/or other personal
information. What should I do?
Do not provide that information. Be wary of scams that may appear to offer
protection but are really trying to get personal information from you.
If you have any suspicions about the authenticity of an email or text, do not click
the links in it. Please go directly to the sites you need to access.
I know there are scams that are going on. What is Target doing to deal with
consumer scams arising from the incident?
We are aware of some scams concerning phishing in the form of e-mails, text, fake websites and phone calls designed to steal personal information from our guests in the wake of the recent data breach. We have posted tips on how to avoid these scams, and are also working with partners, including Facebook and Twitter, to help shut down fraudulent websites and scams intended to exploit Target guests. We have helped take down more than a dozen consumer scams to date.
What kind of scams do I need to watch out for?
Following an event like a data breach, it's common to see fraudsters use emails,
texts, phone calls and fake websites to try to steal your personal information.
*Social Engineering: Using fraud or deception to manipulate people into performing actions or divulging information that they would normally not share.
*Social Engineer: A scam artist who contacts individuals via phone, email, text
message or even in person to gather information for the purposes of fraud, data
system access, identity theft and more.
*Phishing: A social engineer uses a fake email to trick recipients into giving up
credit card information, passwords or other sensitive information. The email may
appear to come from a trusted source, such as a reputable company or bank, and
often includes personal details so it appears the sender knows you.
*Smishing: Similar to Phishing (see above), a social engineer sends a fake Short
Message Service (SMS) text message to your cell phone, announcing that you've won a prize or offer from a trusted company or bank if you follow a link to a website and enter a code. Clicking the link can expose your phone to malware.
*Pretexting: When a social engineer impersonates someone with authority and creates a fake scenario to trick unsuspecting individuals into sharing private or sensitive information.
What are some things I can do to avoid social engineering scams?
* Never give out private or personal information, including financial details,
unless you can verify the identity of the person or organization contacting you.
* Don't respond to texts or emails coming from a contact you don't recognize, and don't click on links. Instead, if you need to check on your account, type the site address you want visit into your browser and securely log into your account.
* Don't send money to strangers; scam artists often insist that you wire money,
especially overseas, because it's difficult to trace the transaction.
* Keep an eye on your monthly statements. If your account information is stolen,
fraudsters can use it to charge purchases or commit crimes in your name. Watch for unusual charges such as "membership fees" and other goods or services you didn't authorize. If you see a charge you don't recognize, contact your account provider immediately.
What are some red flags that indicate I might be dealing with a social engineer?
Some common red flags that help identify a social engineer include:
* Refusal to provide contact or call-back information
* Acting rushed, pressed for time or intimidating
* Name-dropping
* Extremely friendly
* May seem to know some personal information already, but is asking for more
* Poor grammar or spelling
* The links or attachments in an email seem suspicious
What should I do if I suspect I've been contacted by a social engineer?
If you think you may have been scammed, there are a number of things you can do to protect yourself:
* Report the incident to the Federal Trade Commission, or, if you live outside the
U.S., file a complaint at econsumer.gov. You can also report scams to your state
Attorney General.
* Forward email spam to spam@uce.gov.
What are your call center hours of operation?
Agents are available to take calls from 7 a.m. to 11 p.m. (CST) daily.
Why can't I get through to your call center?
Our call centers continue to experience significantly higher than normal volume. We have been adding capacity both to our call center and technical systems to resolve the issues, and apologize for the inconvenience and frustration.
Can I still use my credit or debit card or should I call to get a new one?
Yes, you can continue to use your card.
You should continue to closely monitor your credit or debit card account
information and immediately report any fraudulent or suspicious activity by calling the number on the back of your card. As an additional precaution, you may want to change your PIN number on your Target REDcard debit card. You can do this by logging in to Target.com/RCAM.
I want to get a new credit card. Can Target help with this?
Target can help with REDcard credit or debit cards only. We do not have access to
other financial institutions' credit or debit card account information. If you have
a non-Target credit or debit card, then specific concerns about your account can be addressed by calling the number on the back of your card.
How can I check my account if I can't get through to the call center?
The REDcard online site is fully functional and is a great place for you to
continue to monitor your account.
If I close my account, can I reopen it later?
A Target REDcard account that is closed cannot be reopened, but you can apply for a new account. Please be aware that you must wait at least a day after closing your REDcard account to reapply. New accounts are subject to current terms and conditions, which may not be the same as your closed account. If you have a non-Target credit or debit card, questions about your account can be addressed by calling the number on the back of your card.
How do I add an alert to my REDcard?
REDCard holders can set up alerts through Manage My REDcard so they can be informed every time their card is used. On Target.com, click on "Manage my REDcard" at the bottom of the page. Sign in to the My REDcard page with your username and password. Under Settings, click "Set Alerts" on the left hand navigation menu. Select your alert and delivery preferences. Click "Save" and you're ready to receive alerts.
--------------------------------------------------------------------------------
