Credit Cards Blog

Finance Blogs » Credit Cards Blog » Target card breach: What to know

Target card breach: What to know

By Janna Herron ·
Thursday, December 19, 2013
Posted: 12 pm ET

Target said about 40 million credit card and debit card accounts were compromised in a 19-day data breach starting the day before Thanksgiving.

The retailer said on Thursday the breach, which lasted from Nov. 27 to Dec. 15, included the consumer's name, credit card and debit card numbers, the card's expiration date and the three-digit security card security code. Only customers who shopped in actual stores were affected; online customers were not. Target spokeswoman Molly Snyder said there are no indications that debit card personal identification numbers, or PINs, were accessed.

Snyder would not say how many stores were affected or how the hack was executed. But Krebs on Security, an industry security blog that broke the news about the breach on Wednesday, said that nearly all of the retailer's U.S. stores were affected and the data was collected from the magnetic stripe on the backs of the cards.

"No matter how careful we are with our own data there's no guarantee that the places we shop are equally protective," says John Ulzheimer, credit expert at Credit Sesame.

The good news for consumers is that Target has already contacted banks about the breach. Discover, Chase, Citi, Capital One, Wells Fargo and Bank of America all confirmed that they are actively monitoring accounts for suspicious activity and will contact cardholders if they believe their account has been compromised.

"Discover's top priority is maintaining the privacy and security of our cardmembers," says company spokeswoman Laura Gingiss.

Typically, card issuers will cancel affected cards and send out new cards with new numbers to customers. In some cases, if the customer can't be reached, a card issuer may temporarily shut down the card, so no fraudulent charges can be added.

Consumers who recently shopped at Target stores should be just as vigilant by double-checking their online statements for any unusual charges. Ulzheimer recommends that consumers do this regularly and not wait until the monthly statement comes.

"Fraud is a real time crime and we as consumers have to be constantly engaged with our payment vehicles so that we are immediately aware of fraudulent use," he says.

If a consumer finds an unauthorized transaction, they should contact their banks to report the transaction along with the three credit reporting bureaus -- Experian, Equifax and TransUnion -- to place a fraud alert on their credit reports. Fraud alerts last 90 days and tell lenders to take extra precautions to verify a person's identify before extending credit.

Consumers affected by the breach should also pull their credit report one to two months after finding the unauthorized transaction to check if any new credit has been established in their name without their permission. It takes at least a month for a new account to show up on a credit report. Consumers are entitled to a free credit report from each credit bureau once every 12 months under federal law.

As for losses, credit card holders are not liable for any unauthorized charges stemming from a data breach under federal law. Debit card holders face higher losses, depending on whether their PIN was accessed and when they report unauthorized charges.

"When reported promptly, debit card customers are not liable for any unauthorized purchases on their accounts," says Chase spokesman Rob Tacey.

Did your issuer call you about a breach recently? Let me know.

Follow me on Twitter: @JannaHerron.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
Janna Herron
December 20, 2013 at 9:21 am

@Sharon Fleury: The breach affected not just Target credit cards and debit cards but also credit cards and debit cards issued by other banks. That means you should be checking the transaction history of any credit or debit cards you used at Target recently for any unauthorized purchases. If you find one, call your bank, which has a process in place to deal with fraud. That typically involves shutting down your current card and replacing it with a new one that has a new number, expiration date and security card. There is no reason to close your card account if you haven't found any suspicious activity on it.

Sharon Fleury
December 20, 2013 at 9:11 am

is is just the target card or is it the bank accout that has been hacked. Do I need to close just the target card or the whole bank account.thanks

Janna Herron
December 20, 2013 at 9:05 am

I'm going to try answer a few of the questions that have come up in the comments. @Caroyln and @Sharon, the banks I name in this article are the only ones I contacted for comment on the article. It is not the list of the banks that Target contacted regarding the breach. With that said, it would be prudent of you to check your transactions online every few days to make sure there are no suspicious charges. @Marguerite, the breach does include purchases made on Dec. 3. The breach occurred from Nov. 27 through Dec. 15. @Maureen, I would still check your transaction history regularly. Even though Target said the breach ended on Dec. 15, further investigation could reveal a longer time frame. @Jim, Target has said nothing about their own cards. I have emailed Target to find out more. Stay tuned. And @Sue, give your bank a call and ask why you got a new card. A friend of mine recently got a new debit card because of a breach at a local grocery store, not the one at Target. Hope that helps!

Jim Paille
December 20, 2013 at 8:50 am

I have seen nothing regarding Target's own credit card. and nothing is on line

December 20, 2013 at 8:42 am

I live in NH and my card was compromised. I was fortunate enough that my bank called to authorize a transaction in AZ for gas. I explained I was in NH and haven't left here. They marked my card as STOLEN and issued me another one. This is still very concerning, checking my online bank 2 or 3 times a day.

maureen rouse
December 20, 2013 at 8:23 am

my purchase was made on Dec 16th is there any chance I could have still been compromised?

sharon labean
December 20, 2013 at 8:03 am

I don't see my bank name on here either Charter One Bank. I used my card during those times..

December 20, 2013 at 8:02 am

I just was in the Anderson Indiana store and they sent me a debit card in the mail have I been compromised. I have not used the card.

Marguerite Kelley
December 20, 2013 at 7:22 am

My charges were made on 12/03/13 ,made with my Target Visa,does this include purchases made on that date?

Carolyn M. Rollins Smith
December 20, 2013 at 7:17 am

To Whom It May Concern,
I am Target customer. I am concerned because I have recently purchased at Target on Naamans Road Wilmington, DE. I do not see the WSFS bank stated among the banks that were notified of this fraud issue in your above information. What suggestions are you offering to us as Target customers who have used their cards within this time frame?

Carolyn M. Rollins Smith