Target breached: 5 defensive steps shoppers should take now

As you may have heard from the copious news coverage (including our own post this morning) Target’s stores in the US were the target of a security breach which has given criminals access to the data from the magnetic strips on customers’ credit and debit cards. This data includes the customer’s name, credit or debit card number, the card’s expiration date and CVV (the three-digit security code).

Indications are that this breach began near the end of November, though some sources say it may have begun as early as mid-November, and it was closed on December 15. If you shopped in a Target store during that period of time, you may be wondering how to identify or mitigate problems caused by this breach. Here are a few steps you can take now:

1. Check your account for suspicious activity

The first, and most important thing you can do is to check the transactions for the credit and debit cards you used at Target stores during this time period. If you see activity that you do not recognize, it is important that you notify the card issuer immediately.

Keep in mind that although we have reports that some of this stolen data is already being used for fraud, the criminals may not use or sell all of the stolen data right away (in order not to flood the market and devalue the data, they may sell it over the course of several months). You will need to be vigilant with these accounts for a while.

Reports are that the site for Target’s REDcard are overwhelmed, and may not be responding, so you may need to be patient and try again periodically.

2.  Ask for a replacement debit/credit Cards

If you would rather not wait for the hammer to drop on criminals potentially selling your stolen data, especially if the card in question is a debit card which pulls funds directly from your bank account, you may wish to ask for a replacement card. Keep in mind that if you have any auto-pay accounts that reference this account number, you will need to update that information. By asking for a replacement card, you will have more outlay of time now, in the hopes of preventing a bigger outlay of time in the future, if your card data does get stolen. The Federal Trade Commission offers a lot of advice on dealing with lost or stolen cards.

3.  Choose a stronger debit PIN

If the card that was used was a debit card, you may wish to change your PIN. On December 27 Target confirmed that encrypted PINs were part of the data gathered in the breach. While the criminals may not have decrypted this information, many people use weak PINs that are easy to guess. Making this change is a small step that can greatly improve your security.

4. Check your credit report

Criminals could take the data they have stolen and combine it with other data to wreak more havoc. It is a good idea to regularly monitor your credit report, to identify and then report any fraudulent transactions. Target has provided detailed contact information for the three credit reporting agencies. You may also want to look into setting up a fraud alert or a credit freeze if you want additional protection against fraudsters trying to get credit in your name. Be aware that these steps will also mean you have to go through additional verification if you wish get credit, for the duration of the alert or freeze.

5. Change your Target.com password

There is no indication that Target.com was compromised, but this incident is a good reminder to be vigilant about choosing strong passwords and changing them often.

Bonus tip

Beware of scams: Criminals are aware that people will be feeling especially anxious about their security and privacy as a result of this incident. This could lead to other scams. Some folks may, ironically, be more apt to fall for social engineering tactics that prey on this fear of their cards being compromised. Be sure not to click on links in emails purporting to come from businesses using this angle, especially if they appear suspicious in any way. Instead, you should type the expected URLs into your browser directly to contact companies.

[Update December 20: Details of how card data are being sold are now emerging.]

Big hat tip to Brian Krebs for breaking this story.

Author Lysa Myers, ESET

  • Growupfolks

    You missed the obvious solution – - – - PAY CASH !!! Duh !! Cash payments force the buyer to stay within his/her budget. Cash payments are an anonymous transaction for those of us who don’t care to have our lives totally trackable by credit card purchases. Our grandparents were a lot smarter than us – - – if you don’t have the money, you don’t buy it! I’ve been cash-only for years and as a result, I have money in the bank (not in debt), I sleep well at night and I don’t dread opening those credit card statements showing purchases I didn’t need and couldn’t afford. Sometimes the old ways are best.

    • http://dharley.wordpress.com/ David Harley

      Cash doesn’t work very well online. :) And I can assure you that it’s perfectly possible to pay by credit card without getting into debt. Of course, the CC companies hate it if you pay off straightaway, because then they can’t charge you interest, but it can be very convenient for the customer. Of course there are security risks, and clearly there _are_ people who can’t manage credit cards properly, but not every credit card holder is in permanent debt. However, if you’re happy with a cash-only existence, good for you.

    • Bt210

      If you get robbed of your cash or lose it, you’re not getting it back. But if you lose your credit card or it is stolen, you can cancel it and get a new one and dispute any fraudulent charges to it. I have been notified by my credit card company when suspicious activity took place — the company did not allow the suspicious transaction to go through and sent me a new card. And I don’t carry a balance. I pay my card off every month. I don’t buy things I “don’t need and can’t afford.” I also don’t get free air miles or cash back/discounts from cash while I do get them from credit cards. Why turn down free money? That’s a real “DUH.”

  • Austin Hood

    I would suggest the following measures in addition to those already mentioned including the idea of paying cash.

    I would recommend that people open up a smaller account for their routine Christmas purchases including a debit card with a limit of no more than $500 to $1000 dollars. This would be a separate checking accont separate from a person’s main account.

    That way if the smaller account with a $500 limit on it is compromised, the loss is not as bad as if someone hacked into your main checking account.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.