It was only a few weeks ago that we learned that as many as 40 million holiday shoppers at Target stores between November 27 and December 15 may have had their credit and debit card information compromised. Now the folks at Target tell us that even if you did not shop their on those dates, you could still be affected by the breach. That’s because hackers hit a database containing this information. 70 million people could be affected by this (there are around 370 million people in the US)
Target Data Breach Update
Here is the scoop from Target (as of 1/10/14)
Target today announced updates on its continuing investigation into the recent data breach and its expected fourth quarter financial performance.
As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach.
This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.
Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips on our website.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to target.com/databreach.
Here is what you need to know:
Next week Target will update us with information concerning credit monitoring they will pay for for one year.
Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S stores.
The service, which will be available to all guests who shopped our U.S. stores, will include a complimentary credit report, daily credit monitoring, identity theft insurance where available, and access to personalized assistance.
Guests who sign up for free credit monitoring should continue to monitor their accounts and report any unusual or suspicious activity to their bank. We also want to remind guests that they have zero liability for the cost of any fraudulent charges arising from the breach.
Also, You have zero liability for any charges you didn’t make.
There is a chance that information thieves will be out to get more information from you!
Target says that following an event like a data breach, it’s common to see fraudsters use emails, texts, phone calls and fake websites to try to steal your personal information.
Don’t readily share your personal information, such as social security number, passwords, user IDs and financial account information, over the phone, email or text with anyone even if they claim to be someone you know or do business with. Ask for a call-back number.
Delete texts immediately from numbers or people you don’t recognize.
Be wary of mass emails asking for money or that send you to suspicious websites. Don’t click links within emails you don’t recognize.
Warnings from Target:
Be on the lookout for these scammers!
Social Engineering: Using fraud or deception to manipulate people into performing actions or divulging information that they would normally not share.
Social Engineer: A scam artist who contacts individuals via phone, email, text message or even in person to gather information for the purposes of fraud, data system access, identity theft and more.
Phishing: A social engineer uses a fake email to trick recipients into giving up credit card information, passwords or other sensitive information. The email may appear to come from a trusted source, such as a reputable company or bank, and often includes personal details so it appears the sender knows you.
Smishing: Similar to Phishing (see above), a social engineer sends a fake Short Message Service (SMS) text message to your cell phone, announcing that you’ve won a prize or offer from a trusted company or bank if you follow a link to a website and enter a code. Clicking the link can expose your phone to malware.
Pretexting: When a social engineer impersonates someone with authority and creates a fake scenario to trick unsuspecting individuals into sharing private or sensitive information.
REMEMBER
Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you.
Don’t respond to texts or emails coming from a contact you don’t recognize, and don’t click on links. Instead, if you need to check on your account, type the site address you want visit into your browser and securely log into your account.
Don’t send money to strangers; scam artists often insist that you wire money, especially overseas, because it’s difficult to trace the transaction.
Keep an eye on your monthly statements. If your account information is stolen, fraudsters can use it to charge purchases or commit crimes in your name. Watch for unusual charges such as “membership fees” and other goods or services you didn’t authorize. If you see a charge you don’t recognize, contact your account provider immediately.
Some common red flags that help identify a social engineer include:
Refusal to provide contact or call-back information
Acting rushed, pressed for time or intimidating
Name-dropping
Extremely friendly
May seem to know some personal information already, but is asking for more
Poor grammar or spelling
The links or attachments in an email seem suspicious
If you think you may have been scammed, there are a number of things you can do to protect yourself:
Report the incident to the Federal Trade Commission, or, if you live outside the U.S., file a complaint at econsumer.gov. You can also report scams to your state Attorney General.
Forward email spam to spam@uce.gov.
FTC identity theft website
free copy of your credit report