You are here

Are you affected by the recent Target hack?

Share this page

Target has announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and CVV1 (a security code stored on your card's magnetic stripe).

In light of this announcement, the FTC has this advice:

*If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.

*Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report. For information about how to correct errors in your report, visit

To file a complaint, visit For information about identity theft, visit


Yes. My daughter and I both had made separate Christmas purchases at Target in Hilo, Hawaii during the time frame of the hack. As soon as we learned about this online today, we immediately reported our cards as stolen to our card services. Luckily we caught it in time, no spurious charges. We got new card accounts on the spot. I wonder how the hackers got software into so many card readers simultaneously. Sounds like an inside job. Thanks for getting the word out.

Was the CVV data being referenced as part of the breach CVV1 or CVV2 data? Some reports make it seem like it is the CVV2 number on the back of the card, but that doesn't seem to make sense.

According to Target's FAQs, the CVV data that was stolen was the CVV1 code (data stored on the magnetic stripe). It was NOT the three digit number on the back of your card. We've updated our blog post to clarify this.

I am disturbed by this and the fact politicians have not placed laws with severe penalties and punishment to curb these ongoing problems within our justice system to protect the society we are forced to adopt.

Huh? No one is forced to use a debit or credit card, ever. And we do have laws for hackers and thieves. Of course they have to be caught first. If we keep expecting a perfect society with perfect justice for every wrong that ever happens to us, we will be sorely disappointed.

Yep, nobody HAS to use a credit or debit card...use cash to be safe...or write a check! Best thing to do is request your free credit reports (1 per year) from each of the 3 reporting agencies; you can place a security block/alert/freeze on your accounts. Make it so you get a call before certain charges are made to your accounts, etc. I know he drill, got my ID stolen back in 2003 from a couple in Florida, they were part of a theft ring. The 'wife' was a former employee of a company I had an old account with (it was long closed/payed off, etc.) They were only able to get internet, cable, and phone services..but still, what the hell was up with those companies not asking for proof that they were actually using their correct identities. Long story-short....Due in part to my diligence in locating their correct contact info. I was able to get the FL fraud dept. on their asses..they were arrested with many others. I didn't have to pay any charges back either. Keep up on your credit info. NOBODY else will!!! Happy New Year everyone!

no, noone is forced to use a credit card, but if I pay with a credit card and someone steals that credit card info from the institution then they should be held accountable the same way that if I pay cash and someone steals the cash from the institution then its the institutions job to police itself or put in place a system that protects the information that I entrusted them with to pay for my purchase. your way of thinking suggests that if someone stole the cash I paid the institution with then the institution will ask me to pay them again because the money I paid with was stolen. the consumer relies on the institution to safeguard the info that it accepts as payment.

Does this only include in-store purchases or online purchases, too?

According to Target's statement, this incident affected only in-store purchases.

The report I read said both online and in-store cards were affected. We need to get this clarified. Also, if only a Redcard was used and not an actual credit or debit card, is that affected as well?

Please clarify!

Target's announcement and FAQ page says the data breach affected only in-store purchases in the U.S.

Yes, Target Redcards that were used in a Target store between Nov. 27 and Dec. 15 are affected.

A good reason to use AmEx exclusively....they watch out for their customers, tracking buying patterns....

Same happened early 2012 with amex. Cards were created and sold . Tested on standalone vending machines in cali where no cams were present then used else where. (My amex business costo card.. btw they refused to admit there was a breach as is assuming liability.)The entire industry needs a uhual including the dumb@$$ idea of using 16(15) numbers as a payment method. Really... 16 numbers.. not even letters or other ascii characters... just numbers.... wow.

I agree that there needs to be stricter penalties for this kind of theft! Heck, we need a better and more secure way to buy things without having to fear that our hard earned money will be stolen. I think I’ll just stick to cash and only use my trusted bank ATM from now on. Then again, if I do that, I’ll probably just get mugged. I guess criminals will always get what they want one way or another.
On another note, I’m sick and tired how the credit monitoring business / credit reporting bureaus are making so much money on all our fears from thefts like this. Our government needs to jump in and instil the trust in the electronic American dollar by making it harder to apply for a credit card in my name! It’s so easy to open a line of credit in this country, it’s scary and it kind of makes you buy into credit monitoring scam. Secondly, require the use of stronger encryption to store and transmit credit card info. Third, require banks (some do already) to alert you if a transaction occurred outside the geographical area that you normally shop/live in to prevent Mr. Vladimir in Russia from buying crap online and shipping it to his house. Fourth, maybe for the hardcore paranoid, allow credit card holders to have 2 factor security when making purchases at stores or online. 1. Pay for items, then you get a text with a code you must enter to verify it’s you 2. Enter code then your pin. 3. Finish transaction. Fifth, I saw this in foreign countries when I was paying for my meal at a restaurant. Make it a law to require waiters to swipe your card in front of you. I hate when they take my card in the back where god only knows if they are copying my card information.

i'm sure much more can be done. Thats all I have.

Does anyone have contact # for target. I've called all #'s and get busy signal. I used my target redcard debit card and I can't get through to them to cancel this card. I can't even access my account.
Target needs to give out #'s to call that rings not busy signals ;(

I used my card on-line within the reported time frame. 2 days ago I received an email from Target confirming an order for a $123.00 purchase at, which Included 2, $50 Target gift cards & a decor item none of which I ordered. A later email from Target indicated that "there was a problem with the order" & that they had cancelled it.
I wrote to their on-line address asking what had happened that same day & I still have not replied. I wish they had offered an explanation then & now. I only found out when I received this notice. Why isn't Target required by law to notify the victims of theft, or are they? Their lack of adequate security has caused the problem.

I too had the same thing happen to me in the wee hours of Dec 21st..I have only used my Redcard online previously and received an email thanking me for my order of a $100 Itunes card and a Walking Dead PC game..Totaled a bit over $117..the next email noted about 20 min after the first email..stated that there was a problem and the order was canceled..

Trying to call any number listed for any department in Corporate Target is I also wrote an email to them explaining what happened and that I wanted my account canceled..haven't seen any response yet..

How about debit cards that require a PIN number. Was the PIN captured too?

Target has stated that there's no indication that debit card PINs were impacted.

mine was.

On Friday, 12/27, Target announced that PIN numbers used at Target between 11/27 and 12/15 were indeed included in the stolen information.

Why aren't we given a list of stores which were comprised (a reported 1800), so we don't have to cancel our cards if not necessary.

Does this also include charge cards other than their own Target charge cards?

Yes, any card that was used to make a purchase in a Target store in the U.S. during the time frame could be affected.

I was at Target shopping during this time frame and recently noticed a charge in my debit account card of $250 but from another store that was inaccurate. I reported it and got credited back the money, could this be related to the Target Hack?

I received 2 emails on 12/15 with unauthorized website purchases from Best Buy and Applestore.
They used the Visa card I used at Target and two new cards opened with my name on them from Master Card and Discovery Card. Best Buy emailed me to say they had trouble confirming my identity and wanted me to call them on my order (not my order). Apple store just emailed confirmation of my order and when I logged into my apple account I saw a new Master Card in my name with a ship to address in Virginia. All of these were for AppleMacPro computers. Cancelled my visa immediately, and checked credit reports. No inquiries on any of them...strange. So how did this person open 2 cards in my name without credit inquiries??

Who takes responsibility for retailers having a secure POS system and maintaining PCI security?

Is Target required to provide free credit monitoring to all consumers who have been affected by this hack?

Target recently announced that the company will provide one year of free credit monitoring for people affected by the breach:

Yesterday, I too had a large purchase on my Chase Visa that I had used at Target that was fraudulant. It was a purchase with pickup in store in Virginia. Cell phone used was from New York City. The card info is spreading on the underground and is actively being used.

Is it clear that the risk is limited to cards used at Target between 11/27 and 12/15? Any risk to a card used on 11/26? Also, one news report mentioned there could be an associated risk to other cards owned by the affected cardholders. Is this true, and, if yes, what can be done to protect against the risk?

There may be new details that emerge as investigators examine the data breach. The best thing you can do is to watch for charges that you don't recognize, report problems right away, and order your free credit reports (which have information about all of the credit accounts in your name).

Please give out real numbers to call and lists of stores hacked in each state. I will only use cash there (as in TJMaxx) from now on. They cannot be trusted ever again. I hope there is a big law suit against them by banks and credit card co's,

I applaud Target for releasing this information so quickly. Most companies that have credit card information stolen from their data bases do not ever publicly release the information. They could have also waited until after Christmas, in an effort to maximize their profits from Christmas purchases. Target handled this with integrity, instead of sweeping it under the carpet and keeping it a secret, as most companies do.

Maybe we should not shop at target until they can get there act together. I took all my money out of the bank today so hacker shop away,, maybe cash is the way to go until the government can stop this madness the target store will not be the last one that will have this problem, so life goes on for thiefs

they got my card, bank and PIN. called an auto system and got the balance, changed the PIN and cleared all the funds at a gas station in Florida.
no one wants to reseasrh stuff that just happened this morning. the bank has the originating phone number, and i'm fairly sure the gas station would have info on the car that bought the gas.

How do I cancel my Red Card? I cannot get anyone to answer at the customer service number! What number do we use to get this done?

Stressful, loss of time. Target's responsible for someone being able to hack their system where they store our account info (POS) so lawsuits are coming to them. Why isn't there a govt enforced national standard for all retailers to use (under penalty) re: data security? After TJ Maxx breach (almost the same issue as Target), companies should have been audited to make sure they were using most current technology (not the cheaper versions). Also should be an automatic SOP for them to follow: close accts used during breach, issue new cards, notify credit agencies to put on 90 day alerts, and offer 1 year free monitoring to those same customers. This is what our bank did 2 years ago when their million+ VISAs were hacked. We've stayed with that bank b/c they were so fast & responsive. I closed my account -- after being on hold for 2 hours. Of course, they had no problem asking for their final payment! As an identify theft victim years ago, believe me, it's best to just close your account before you have to go through the hassle of trying to fix any fraudulent activity.

I have a Target Debit Card and like many others am a sitting duck. I am unable to get in touch with anyone at Target at the various numbers or via the website to cancel my Target debit card. I can apply for and activate a card online but cannot CANCEL it. As consumers, we have no course of action. My bank cannot do anything. I have to WAIT until a crime is committed and go through the inconvenience of getting the money back when steps could be taken now to avoid potential theft. Every security analyst has recommended that if you have a Target DEBIT to cancel it and yet we are unable to do so. What is the FTC doing to ensure that consumers are being protected? We need FTC's leadership to ensure that we have voice and can take steps to protect ourselves.

Ms. Vincent,
I, unfortunately, was a victim of the Target credit card breach. Apparently, the criminals DID have my AmEx security code. This is contradictory to what Target is publicizing. My card was used to try to book airline tickets on Czech Airlines to the tune of approx. $1260. It was denied; AmEx notified us; I cancelled card and got a new one. What are my next steps?

It's a good idea to keep an eye on your other credit card accounts, and visit to get a free copy of your credit report. Check your credit reports to make sure that no one has opened a new line of credit in your name.

I made a purchase in Target on December 3rd using my bank debit card. I knew nothing about a red card until the cashier started telling me about it and I thought it was like a courtesy card like you use in the grocery store. At the time she asked for a voided check which I provided. So far I have not received a red card. I also remember that they were having system problems. I have cancelled my bank debit card, but I am still concerned that my bank information from the voided check is still out there. I have not been able to reach anyone at Target to cancel the card that I have not received. Any suggestions. HELP!

Based on the information in Target's announcement, I don't think the information from your voided check would be part of this breach. Nevertheless, it's a good idea to continue to follow up with Target about your Redcard, to monitor your accounts, and to get a copy of your credit report and check for any accounts that you don't recognize. You can get a free copy of your credit report at

I don't know what to do. There is all kinds of advice on what to do and I don't know who is right. I was told to cancel my credit card and also to call the credit report company and put a fraud alert on my report. I have not seen any unknown charges on my card but can they get new cards in my name if I don't do the 2 things I mentioned. (cancel card and fraud alert?) I was at target and used my card 6 times in that time period and for some big items. Help, I can't sleep! Nicole please answer.

If you're concerned about your card, you should call and cancel it. It's also a good idea to check your credit report to make sure that no one has opened a new line of credit in your name. You can get a free copy of your credit report at

I just had a bed,bath and beyond charge on my account that I used at target. Am I going to be compensated for the time and effort it's going to take to get all of my accounts cancelled that are attached to the cards I just had to cancel? How about the effort of now having to go to the bank for money for the next two weeks because I don't have an ATM card? It's this kind of hassle that Target is responsible for. I did not make this mess but I am going to be spending hours and possibly get late charges if I forget one of the accounts. I plan on joining the class action lawsuit in CA. Maybe paying out will help to remind them that it is their responsibility to keep our info safe while they make money off of our purchases. I am totally disgusted. It's great that our government does think this kind of breach warrants any fines.

I have a Visa CC connected with Chase. I called Chase to be assured that S.S.# and like info not be compromised. ..ans. NO.
I emailed S.S...They confirmed the ans.
GOVT COMPROMISED..what can we expect of Target?

If you used a Target debit Redcard during the affected time period, does that mean the hackers would have information on your bank debit card as well? It's unclear to me which information is tied to the Target Redcard in Target's system, and whether canceling my Redcard is enough, or whether I need to have my bank debit card reissued too.

I would cancel only the debit card I used at Target, and then monitor other accounts closely. I would also get a free copy of my credit report from to make sure no one had opened a new line of credit in my name.



Leave a Comment