Are you affected by the recent Target hack?

Target has announced that any credit or debit card used in a Target store in the U.S. between November 27 and December 15 may have been compromised. According to the announcement, the stolen information includes the customer’s name, credit or debit card number, and the card’s expiration date and CVV1 (a security code stored on your card's magnetic stripe).

In light of this announcement, the FTC has this advice:

*If you recently used your credit or debit card in a Target store, check your account. If you see charges that you don’t recognize, immediately report them to the fraud department of your bank or credit card provider.

*Going forward, continue to monitor your accounts and check that the information on your credit report is accurate. Your credit report includes information about your credit card accounts and other bills you pay. The law requires the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to give you a free copy of your credit report every 12 months if you ask for it. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228. You’ll have to provide some personal and financial information to get your report. For information about how to correct errors in your report, visit ftc.gov/freereports.

To file a complaint, visit ftc.gov/complaint.  For information about identity theft, visit ftc.gov/idtheft.

Comments

Yes. My daughter and I both had made separate Christmas purchases at Target in Hilo, Hawaii during the time frame of the hack. As soon as we learned about this online today, we immediately reported our cards as stolen to our card services. Luckily we caught it in time, no spurious charges. We got new card accounts on the spot. I wonder how the hackers got software into so many card readers simultaneously. Sounds like an inside job. Thanks for getting the word out.

Was the CVV data being referenced as part of the breach CVV1 or CVV2 data? Some reports make it seem like it is the CVV2 number on the back of the card, but that doesn't seem to make sense.

According to Target's FAQs, the CVV data that was stolen was the CVV1 code (data stored on the magnetic stripe). It was NOT the three digit number on the back of your card. We've updated our blog post to clarify this.

I am disturbed by this and the fact politicians have not placed laws with severe penalties and punishment to curb these ongoing problems within our justice system to protect the society we are forced to adopt.

Huh? No one is forced to use a debit or credit card, ever. And we do have laws for hackers and thieves. Of course they have to be caught first. If we keep expecting a perfect society with perfect justice for every wrong that ever happens to us, we will be sorely disappointed.

Yep, nobody HAS to use a credit or debit card...use cash to be safe...or write a check! Best thing to do is request your free credit reports (1 per year) from each of the 3 reporting agencies; you can place a security block/alert/freeze on your accounts. Make it so you get a call before certain charges are made to your accounts, etc. I know he drill, got my ID stolen back in 2003 from a couple in Florida, they were part of a theft ring. The 'wife' was a former employee of a company I had an old account with (it was long closed/payed off, etc.) They were only able to get internet, cable, and phone services..but still, what the hell was up with those companies not asking for proof that they were actually using their correct identities. Long story-short....Due in part to my diligence in locating their correct contact info. I was able to get the FL fraud dept. on their asses..they were arrested with many others. I didn't have to pay any charges back either. Keep up on your credit info. NOBODY else will!!! Happy New Year everyone!

Does this only include in-store purchases or online purchases, too?

According to Target's statement, this incident affected only in-store purchases.

The report I read said both online and in-store cards were affected. We need to get this clarified. Also, if only a Redcard was used and not an actual credit or debit card, is that affected as well?

Please clarify!

Target's announcement and FAQ page says the data breach affected only in-store purchases in the U.S.

Yes, Target Redcards that were used in a Target store between Nov. 27 and Dec. 15 are affected.

A good reason to use AmEx exclusively....they watch out for their customers, tracking buying patterns....

Same happened early 2012 with amex. Cards were created and sold . Tested on standalone vending machines in cali where no cams were present then used else where. (My amex business costo card.. btw they refused to admit there was a breach as is assuming liability.)The entire industry needs a uhual including the dumb@$$ idea of using 16(15) numbers as a payment method. Really... 16 numbers.. not even letters or other ascii characters... just numbers.... wow.

I agree that there needs to be stricter penalties for this kind of theft! Heck, we need a better and more secure way to buy things without having to fear that our hard earned money will be stolen. I think I’ll just stick to cash and only use my trusted bank ATM from now on. Then again, if I do that, I’ll probably just get mugged. I guess criminals will always get what they want one way or another.
On another note, I’m sick and tired how the credit monitoring business / credit reporting bureaus are making so much money on all our fears from thefts like this. Our government needs to jump in and instil the trust in the electronic American dollar by making it harder to apply for a credit card in my name! It’s so easy to open a line of credit in this country, it’s scary and it kind of makes you buy into credit monitoring scam. Secondly, require the use of stronger encryption to store and transmit credit card info. Third, require banks (some do already) to alert you if a transaction occurred outside the geographical area that you normally shop/live in to prevent Mr. Vladimir in Russia from buying crap online and shipping it to his house. Fourth, maybe for the hardcore paranoid, allow credit card holders to have 2 factor security when making purchases at stores or online. 1. Pay for items, then you get a text with a code you must enter to verify it’s you 2. Enter code then your pin. 3. Finish transaction. Fifth, I saw this in foreign countries when I was paying for my meal at a restaurant. Make it a law to require waiters to swipe your card in front of you. I hate when they take my card in the back where god only knows if they are copying my card information.

i'm sure much more can be done. Thats all I have.

Does anyone have contact # for target. I've called all #'s and get busy signal. I used my target redcard debit card and I can't get through to them to cancel this card. I can't even access my account.
Target needs to give out #'s to call that rings not busy signals ;(

I used my card on-line within the reported time frame. 2 days ago I received an email from Target confirming an order for a $123.00 purchase at Target.com., which Included 2, $50 Target gift cards & a decor item none of which I ordered. A later email from Target indicated that "there was a problem with the order" & that they had cancelled it.
I wrote to their on-line address asking what had happened that same day & I still have not replied. I wish they had offered an explanation then & now. I only found out when I received this notice. Why isn't Target required by law to notify the victims of theft, or are they? Their lack of adequate security has caused the problem.

I too had the same thing happen to me in the wee hours of Dec 21st..I have only used my Redcard online previously and received an email thanking me for my order of a $100 Itunes card and a Walking Dead PC game..Totaled a bit over $117..the next email noted about 20 min after the first email..stated that there was a problem and the order was canceled..

Trying to call any number listed for any department in Corporate Target is futile..so I also wrote an email to them explaining what happened and that I wanted my account canceled..haven't seen any response yet..

How about debit cards that require a PIN number. Was the PIN captured too?

Target has stated that there's no indication that debit card PINs were impacted.

mine was.

On Friday, 12/27, Target announced that PIN numbers used at Target between 11/27 and 12/15 were indeed included in the stolen information.

Why aren't we given a list of stores which were comprised (a reported 1800), so we don't have to cancel our cards if not necessary.

Does this also include charge cards other than their own Target charge cards?

Yes, any card that was used to make a purchase in a Target store in the U.S. during the time frame could be affected.

I was at Target shopping during this time frame and recently noticed a charge in my debit account card of $250 but from another store that was inaccurate. I reported it and got credited back the money, could this be related to the Target Hack?

I received 2 emails on 12/15 with unauthorized website purchases from Best Buy and Applestore.
They used the Visa card I used at Target and two new cards opened with my name on them from Master Card and Discovery Card. Best Buy emailed me to say they had trouble confirming my identity and wanted me to call them on my order (not my order). Apple store just emailed confirmation of my order and when I logged into my apple account I saw a new Master Card in my name with a ship to address in Virginia. All of these were for AppleMacPro computers. Cancelled my visa immediately, and checked credit reports. No inquiries on any of them...strange. So how did this person open 2 cards in my name without credit inquiries??

Who takes responsibility for retailers having a secure POS system and maintaining PCI security?

Is Target required to provide free credit monitoring to all consumers who have been affected by this hack?

Target recently announced that the company will provide one year of free credit monitoring for people affected by the breach: https://corporate.target.com/discover/article/free-credit-monitoring-and-identity-theft-protecti

Yesterday, I too had a large purchase on my Chase Visa that I had used at Target that was fraudulant. It was a Walmart.com purchase with pickup in store in Virginia. Cell phone used was from New York City. The card info is spreading on the underground and is actively being used.

Is it clear that the risk is limited to cards used at Target between 11/27 and 12/15? Any risk to a card used on 11/26? Also, one news report mentioned there could be an associated risk to other cards owned by the affected cardholders. Is this true, and, if yes, what can be done to protect against the risk?

There may be new details that emerge as investigators examine the data breach. The best thing you can do is to watch for charges that you don't recognize, report problems right away, and order your free credit reports (which have information about all of the credit accounts in your name).

Please give out real numbers to call and lists of stores hacked in each state. I will only use cash there (as in TJMaxx) from now on. They cannot be trusted ever again. I hope there is a big law suit against them by banks and credit card co's,

I applaud Target for releasing this information so quickly. Most companies that have credit card information stolen from their data bases do not ever publicly release the information. They could have also waited until after Christmas, in an effort to maximize their profits from Christmas purchases. Target handled this with integrity, instead of sweeping it under the carpet and keeping it a secret, as most companies do.

Maybe we should not shop at target until they can get there act together. I took all my money out of the bank today so hacker shop away,, maybe cash is the way to go until the government can stop this madness the target store will not be the last one that will have this problem, so life goes on for thiefs

they got my card, bank and PIN. called an auto system and got the balance, changed the PIN and cleared all the funds at a gas station in Florida.
no one wants to reseasrh stuff that just happened this morning. the bank has the originating phone number, and i'm fairly sure the gas station would have info on the car that bought the gas.

How do I cancel my Red Card? I cannot get anyone to answer at the customer service number! What number do we use to get this done?

Stressful, loss of time. Target's responsible for someone being able to hack their system where they store our account info (POS) so lawsuits are coming to them. Why isn't there a govt enforced national standard for all retailers to use (under penalty) re: data security? After TJ Maxx breach (almost the same issue as Target), companies should have been audited to make sure they were using most current technology (not the cheaper versions). Also should be an automatic SOP for them to follow: close accts used during breach, issue new cards, notify credit agencies to put on 90 day alerts, and offer 1 year free monitoring to those same customers. This is what our bank did 2 years ago when their million+ VISAs were hacked. We've stayed with that bank b/c they were so fast & responsive. I closed my account -- after being on hold for 2 hours. Of course, they had no problem asking for their final payment! As an identify theft victim years ago, believe me, it's best to just close your account before you have to go through the hassle of trying to fix any fraudulent activity.

I have a Target Debit Card and like many others am a sitting duck. I am unable to get in touch with anyone at Target at the various numbers or via the website to cancel my Target debit card. I can apply for and activate a card online but cannot CANCEL it. As consumers, we have no course of action. My bank cannot do anything. I have to WAIT until a crime is committed and go through the inconvenience of getting the money back when steps could be taken now to avoid potential theft. Every security analyst has recommended that if you have a Target DEBIT to cancel it and yet we are unable to do so. What is the FTC doing to ensure that consumers are being protected? We need FTC's leadership to ensure that we have voice and can take steps to protect ourselves.

Ms. Vincent,
I, unfortunately, was a victim of the Target credit card breach. Apparently, the criminals DID have my AmEx security code. This is contradictory to what Target is publicizing. My card was used to try to book airline tickets on Czech Airlines to the tune of approx. $1260. It was denied; AmEx notified us; I cancelled card and got a new one. What are my next steps?

It's a good idea to keep an eye on your other credit card accounts, and visit annualcreditreport.com to get a free copy of your credit report. Check your credit reports to make sure that no one has opened a new line of credit in your name.

I made a purchase in Target on December 3rd using my bank debit card. I knew nothing about a red card until the cashier started telling me about it and I thought it was like a courtesy card like you use in the grocery store. At the time she asked for a voided check which I provided. So far I have not received a red card. I also remember that they were having system problems. I have cancelled my bank debit card, but I am still concerned that my bank information from the voided check is still out there. I have not been able to reach anyone at Target to cancel the card that I have not received. Any suggestions. HELP!

Based on the information in Target's announcement, I don't think the information from your voided check would be part of this breach. Nevertheless, it's a good idea to continue to follow up with Target about your Redcard, to monitor your accounts, and to get a copy of your credit report and check for any accounts that you don't recognize. You can get a free copy of your credit report at annualcreditreport.com.

I don't know what to do. There is all kinds of advice on what to do and I don't know who is right. I was told to cancel my credit card and also to call the credit report company and put a fraud alert on my report. I have not seen any unknown charges on my card but can they get new cards in my name if I don't do the 2 things I mentioned. (cancel card and fraud alert?) I was at target and used my card 6 times in that time period and for some big items. Help, I can't sleep! Nicole please answer.

If you're concerned about your card, you should call and cancel it. It's also a good idea to check your credit report to make sure that no one has opened a new line of credit in your name. You can get a free copy of your credit report at annualcreditreport.com.

I just had a bed,bath and beyond charge on my account that I used at target. Am I going to be compensated for the time and effort it's going to take to get all of my accounts cancelled that are attached to the cards I just had to cancel? How about the effort of now having to go to the bank for money for the next two weeks because I don't have an ATM card? It's this kind of hassle that Target is responsible for. I did not make this mess but I am going to be spending hours and possibly get late charges if I forget one of the accounts. I plan on joining the class action lawsuit in CA. Maybe paying out will help to remind them that it is their responsibility to keep our info safe while they make money off of our purchases. I am totally disgusted. It's great that our government does think this kind of breach warrants any fines.

I have a Visa CC connected with Chase. I called Chase to be assured that S.S.# and like info not be compromised. ..ans. NO.
I emailed S.S...They confirmed the ans.
Told by both..BE ALERT..CHECK STATEMENTS..STAY APRISED OF INFO. FORTHCOMING.
GOOD LUCK TO ALL.
GOVT COMPROMISED..what can we expect of Target?

If you used a Target debit Redcard during the affected time period, does that mean the hackers would have information on your bank debit card as well? It's unclear to me which information is tied to the Target Redcard in Target's system, and whether canceling my Redcard is enough, or whether I need to have my bank debit card reissued too.

I would cancel only the debit card I used at Target, and then monitor other accounts closely. I would also get a free copy of my credit report from annualcreditreport.com to make sure no one had opened a new line of credit in my name.

TARGET SUCKS

did you get my post? I would like an answer

I used my debit card on 12/15 and within the last 3 days, i have had several people from the Ukraine reviewing my on-line profiles. Could this be related?

Could you be more specific when you say viewing on-line profiles? Which ones? How did you find this out. A lot of hackers are from the Ukraine and surrounding areas

Sad that they cause their customers hours of time and money to cancell there cards and all they can offer is two days of sales at 10% off during the holiday rush! That is just plain not caring for this customer. I will not shop with them again. 10% off is a slap in the face when they mark up at least 35% and I would not take that offer during the holiday so I can avoid the check out lines. 15 checkout stands and only 4 open with long lines. Thank you Target for absolutely not caring! I will bill them for any fees I am charched from this and threaten a lawsuit if the don't make it right.

Target swipes my driver's license when I purchase alcohol. Was my driver's license information saved by Target and stolen?

I have been trying to use a target gift card for some time now and it never worked at the store. Today I was finally able to log onto my target online account and saw that two separate transactions had taken place using my card...one on nov 14 and the other on dec 14, exactly a month apart...I never made these purchases. What now?

There should be a customer service number on the card. I would call and report the problem as soon as possible.

I'm going,back to cash only!!! If I don't have it I don't need it!

I had done some shopping at Target over that time frame. I was all set to be cautious about it and monitor my account, I wasn't going to cancel my debit card right away. That is, until my bank called me. Mastercard had called them and said my card number was compromised. I cancelled my card on the spot. Now have to wait 10 or so days for my new debit card and pin to come in. Nothing like putting a big headache in place right away. I live off my debit card. I never have cash, and my bank is not a worldwide branch with millions of locations. I deal with a credit union with one location. I can't get to the bank with any kind of ease. Really but a crimp into my life for 2 weeks. At least no money was accessed! Thanks a lot Target!

What other data was included in the compromise? I used my checking visa and while my bank has taken care of it, Target also scanned my driver's license because I bought some cold medicine. Was the info from the license also in the breech also, this was the FIRST time I have ever had a store scan my drivers license! Why are they allowed to do that and what information are they collecting and where does it go?

It was announced on Jan. 18th that there were 6 more major retailers affected by the same malware as Target. It is nearly a week later, the retailer names have not been released, and having checked with my card issuers, they have not been notified of which of their customer's cards have been compromised. Why is this information not being released? We need to know in order to assess how risk and take appropriate actions.

I lost $5450 in this security breach! Wasn't doing any Christmas shopping, just wanted to pick up some storage bags that cost me about 20 bucks. The worst part is, I just found out that because my debit card was from a bank outside the US, that I am liable for the mag stripe fraudulent transactions because US companies do not participate in CHIP liability shift programs. This is so not my fault and extremely unfair. Ive been told over and over there is nothing i can do to be refunded, does anyone have any advice?

What other companies were compromised?

Leave a Comment

Commenting Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.