Target confirmed Friday that encrypted debit card PIN data was stolen during a holiday shopping season security breach, the Associated Press reported.
According to Target, hackers stole card numbers, security codes and other data from as many as 40 million credit and debit cards swiped at Target stores from the end of November through mid-December. This is the second-largest data breach in United States retail history.
Target has 1,797 stores in the U.S. and 124 in Canada.
Paul Hartwick, spokesman for Chase Bank, one of the largest U.S. credit card issuers, helped break down what to do if your credit or debit card was affected.
Q: How do I know if my credit card data was stolen?
A: Target officials said if you shopped at one of the stores between Nov. 27 and Dec. 15, 2013, you should check your account for unusual activity. This is not limited to Target-card holders. Anyone who used a credit card at the stores could be affected.
"The best way to figure out whether your account has been breached is keep an eye on your account. Look for transactions you don't recognize. The good news is that Chase and many other banking institutions will not hold you liable for these charges," said Hartwick.
Q: How is Target handling the security breach?
A: In an announcement posted to its website, Target officials did not say when they first learned of the breach but it has been investigating. Target has alerted authorities and financial institutions and urged credit card users to work with the three credit reporting companies if fraudulent activity is suspected.
Q: Has the issue been resolved?
A: Target said in its announcement that the data issue is resolved.
Q: What should I do if my card has been breached?
A: The first step is to contact your banking institution. Often there will be a number on the back of your card, according to Hartwick. The important thing to remember, he said, is that you can continue to use your card normally. Target Corp. also suggested in a release to contact the Federal Trade Commission or law enforcement to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s Web site, at www.consumer.gov/idtheft, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Q: Is it possible to recover any money stolen from credit or debit accounts?
A: Chase Bank, in addition to many other U.S. banks, will not hold you liable for fraudulent charges as long as they are identified in a timely manner.
Q: How did the Target security breach happen?
A: Officials have not said how the breach occurred or if they know who is responsible.
Q: Might such a large security breach become more common in the future?
A: Bad guys are always at work, and it's important that merchants as well as customers stay aware, Hartwick said.
Q: What are best practices a consumer can keep in mind to avoid this happening again?
A: A large amount of fraud is stopped before it starts, according to Hartwick. "Chase and other banks often monitor accounts for suspicious activity and stop fraud before you ever see it on your account," he said. It's still important, however, to check your bank account regularly and make sure there are no charges that you don't recognize. "The biggest and best thing customers can do is be aware, shop at reputable places such as Target, monitor your account information, be in contact with your card issuer and be aware."