Dedicated to Deposits: Deals, Data, and Discussion
About Ken Tumin About Ken Tumin - Founder and Editor

Ken Tumin founded the Bank Deals Blog in 2005 and has been passionately covering the best deposit deals ever since. He is frequently referenced by The New York Times, The Wall Street Journal, and other publications as a top expert, but he is first and foremost a fellow deal seeker and member of the wonderful community of savers that frequents DepositAccounts.

Featured Savings Rates

Popular Posts

Featured Accounts

Massive Data Breach May Have Hit Target Customers

POSTED ON BY

Massive Data Breach May Have Hit Target Customers

The big news this morning is the potential data breach that may have affected millions of Target customers. According to this USA Today article, the Secret Service is investigating a data breach at Target stores involving shoppers' credit card and data card information. The security news website, Krebs on Security, first reported on this story. Its sources have reported that the breach likely started around the time of Black Friday and may have lasted until December 15th. The breach affected an unknown number of customers who shopped at Target’s physical stores during this period. It apparently did not affect online customers. Just in the last hour, Target issued this press release confirming the data breach:

Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.

If you have recently purchased anything from Target stores, it’s good idea to keep any eye on your credit card or checking account activity. Make sure to report any suspicious charges immediately to your bank. Many banks allow you to set up email notifications. For example, you could have your bank automatically email you anytime there’s a large withdrawal from your account.

Set up automatic email notification to monitor accounts

This incident is another example of why credit cards are better than debit cards. The Krebs on Security article reported that if customers’ PIN numbers were intercepted, hackers would be able to create counterfeit debit cards that could be used to withdraw money from ATMs. You don’t have that worry for credit cards. If there’s an unauthorized charge, you can just dispute the charge with the credit card company. You don’t have to fight to get money put back into your checking account.

If you do use a debit card (for things like meeting reward checking requirements), it’s probably better to use the credit/signature option rather than the PIN option. This should reduce the chance of your PIN being stolen.



Related Posts

Comments
13 Comments.
Comment #1 by samiam (anonymous) posted on
samiam
What does the Secret Service have to do with this?  Wouldn't the FBI be the appropriate agency to deal with this issue?

4
Comment #2 by Roc (anonymous) posted on
Roc
The USA Patriot Act signed into law by President George W. Bush on October 26, 2001, mandated the U.S. Secret Service to establish a nationwide network of Electronic Crimes Task Forces (ECTFs) to investigate and prevent attacks on financial and critical infrastructures in the United States.

10
Comment #3 by sino (anonymous) posted on
sino
This is inside job, if Target admits to it will become liable for all the losses incurred by the customer.
They are trying to hash it under the rag and walk away from any liabilities.

12
Comment #5 by alen (anonymous) posted on
alen
I agree with you, the interception of all sales is clustered in the main computer center for archiving and processing.
That would be the most likely point of hack where all swipes of CC concentrates.

7
Comment #9 by Cerra (anonymous) posted on
Cerra
In order to have access to so many customer accounts, someone must have the master password to be able to download millions of data record files. The data is encrypted, therefore only a mater password can get to these records.
Inside job is the most logical explanation.

7
Comment #4 by DCguy (anonymous) posted on
DCguy
I did not shop at Target since Black Friday.  However, one of my Citibank Credit Cards was hit with 2 bogus transactions before Black Friday.  It appeared that two online websites had submitted CC transactions to my account both on the same day.  One was for just over $1 followed by one over $100.  One showed a McAfee,com and the other a Match.com merchant name.  I was not a customer of either firm.  When I looked at the posted information on Citibank's site, I noticed that no card member owner's name was shown on these transactions (unlike the valid transactions).  I believe someone randomly generated credit card numbers and expiration dates to the credit card processing center in the hopes of routing money to a bogus merchant account.  Citibank alerted me (both by phone and email) about the suspicious transaction and asked for me to contact them about it before they could allow for them to post to the account.

3
Comment #6 by Shorebreak posted on
Shorebreak
From: https://www.citi.com/credit-cards/creditcards/CitiHome.do

"Important: Target Stores Data Compromise"

"We are aware of the recent compromise at Target retail stores. Citi has monitoring controls in place to protect our customers. We encourage customers who are concerned and recently have shopped at Target Stores to review your recent account activity online. We recommend that if you see any suspicious transactions please contact us by calling the number on the back of your card. You will not be liable for any unauthorized use of your account."

3
Comment #7 by Anonymous posted on
Anonymous
If any unauthorized charge, whether or not invoving PIN number, is made to your checking account via debit card, is the bank legally obligated to reimburse you?

1
Comment #8 by Shorebreak posted on
Shorebreak
"The first class action was filed Thursday against Target, hours after the company announced that security may have been breached on as many as 40 million credit and debit cards swiped from Nov. 27 until Dec. 15."

http://www.courthousenews.com/2013/12/20/63935.htm

3
Comment #10 by Jim (anonymous) posted on
Jim
As per Target, the Target DEBIT CARD is not affected.  The Target CREDIT CARD is affected.
Jim

3
Comment #11 by Anonymous posted on
Anonymous
Target does not have debit cards, they have target ACH card connected to your account and processing does not goes via ATM or credit networks.
They are saying that to confuse the public and mislead.

4
Comment #12 by Anonymous posted on
Anonymous
#10, Target does not have a debit card, it is a ACH card connected to our checking account at any bank you have. When you swipe such card it goes into Target business checking account as an instant credit.
ATM and credit cards systems are by passed and there is no record created on any third party system for processing.

3
Comment #13 by Anonymous posted on
Anonymous
"Tip. Set up automatic email notification to monitor accounts"

I have this set-up.  Sometimes it works, sometimes it doesn't.  Many times even large banks have "bugs" in their computer software.

2