New details are surfacing about the Target breach that occurred between November 27 and December 15. Only exceeded by the 2005 scam that affected 45.7 million TJX Companies Inc. customers, this Target security breach is the second largest credit card breach in U.S. history.
At least 40 million customers across Target’s 1,800 U.S. stores were affected by the security breach — thankfully, at least online Target shoppers were spared.
Though the details on how exactly this occurred are yet to be known, Target is currently working with a third-party forensics company to investigate the breach and prevent future problems. Unfortunately, this is not directly helping the customers that already have fraudulent charges on their accounts, many of whom have been unable to reach Target for help.
What information was compromised in the Target security breach
The information compromised by the hackers includes customers’ names, debit and credit card numbers, expiration dates and the embedded code on the magnetic strip on the back of the card. As of now it is unclear whether the CVV2 code — the three-digit security code on the back of the card — has been compromised.
Millions of Target customers’ credit and debit card information has already been sold to underground “card shops.” These are part of a large Internet black market where identity thieves can buy stolen credit card information using virtual currencies like Bitcoin and WebMoney, as well as Western Union and Money Gram wire transfers. The illegal “shops” are selling Target customers’ card information in batches of up to one million, according to KrebsOnSecurity.com. Thieves can even search for the exact type of card they want to purchase (i.e., Visa, Mastercard, country of issue, financial institution, etc…)
What to do if your information was compromised in the Target security breach
If you have used your credit or debit card at Target between November 27 and December 15, it is important to review your account statement carefully for any fraudulent charges, and do this often. If you do find suspicious charges in your statement, your card information may have already been sold to identity thieves. If so, contact your financial institution immediately so they can investigate the charges. You will not be held responsible for any fraudulent monetary losses in your account, just make sure to contact them right away.
Many of the top-rated identity theft protection services specifically monitor the Internet’s black markets for your credit card number, and alert you right away if your information is being used. Stolen credit card information can be detrimental to your credit score, so these identity theft protection services monitor your credit file, also alerting you if there are any changes on your credit reports. Visit our identity theft protection reviews page to learn more about these services, many of which offer free trials.
While identity theft protection services can help protect you from fraud, they will not always catch illegal activity on your credit card 100% of the time. Another option is to close the credit or debit card that was used. This way, if your card information was sold or is used in an attempt to make fraudulent purchases, the thieves will not be able to use the data because the card will be inactive. To do this, contact your bank and explain the situation — they will be able to cancel your card and order you a new one. If you are canceling a debit card, some banks may be able to issue you a temporary ATM card inside the branch, so you can use that while you wait for your new card to arrive in the mail.