The big news this morning is the potential data breach that may have affected millions of Target customers. According to this USA Today article, the Secret Service is investigating a data breach at Target stores involving shoppers' credit card and data card information. The security news website, Krebs on Security, first reported on this story. Its sources have reported that the breach likely started around the time of Black Friday and may have lasted until December 15th. The breach affected an unknown number of customers who shopped at Target’s physical stores during this period. It apparently did not affect online customers. Just in the last hour, Target issued this press release confirming the data breach:
Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013. Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
If you have recently purchased anything from Target stores, it’s good idea to keep any eye on your credit card or checking account activity. Make sure to report any suspicious charges immediately to your bank. Many banks allow you to set up email notifications. For example, you could have your bank automatically email you anytime there’s a large withdrawal from your account.
This incident is another example of why credit cards are better than debit cards. The Krebs on Security article reported that if customers’ PIN numbers were intercepted, hackers would be able to create counterfeit debit cards that could be used to withdraw money from ATMs. You don’t have that worry for credit cards. If there’s an unauthorized charge, you can just dispute the charge with the credit card company. You don’t have to fight to get money put back into your checking account.
If you do use a debit card (for things like meeting reward checking requirements), it’s probably better to use the credit/signature option rather than the PIN option. This should reduce the chance of your PIN being stolen.