Target Corp. on Friday assured customers affected by the breach of an estimated 40 million credit and debit card accounts that they will not be held financially responsible for any fraudulent activity.
"To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation," Target said in a statement.
CHECK YOUR EMAIL
Anyone who shopped at a Target store with a credit or debit card between Nov. 27 and Dec. 15 should expect to receive an email from the company by the end of the weekend.
"It is very important for our guests to understand that receiving an email from us or a letter from their financial institution is absolutely not an indication that there has been, or will be, fraud on their card," Target said.
More: 4 ways to protect yourself if you shopped at Target
40 MILLION CARD ACCOUNTS
Target confirmed Thursday it has identified and solved a data breach that may have affected 40 million credit and debit card accounts used in stores between Nov. 27 and Dec. 15, 2013. Target.com was not affected.
The compromised data involves the type stored on the magnetic strip of cards that were used at stores: customer name, credit or debit card number, the card's expiration date and CVV (three-digit security code).
WHO STOLE THE ACCOUNT INFO?
Security experts have traced the hackers to Southeast Asia, but it's still unclear who's behind it, or how it was done. There are unconfirmed reports the security breach may have come from malicious software placed on the terminals near the store registers, where customers swipe their cards.
Under Minnesota law, if a company loses "unencrypted personal information," "the disclosure must be made in the most expedient time possible and without unreasonable delay."
Target said the credit card numbers were stolen Nov. 27 through Dec. 15. Target came forward just two days later, and is now sending emails to customers, which computer expert Mark Lanterman says is ahead of the curve.
"Typically, it's not uncommon for consumers to not learn they've been breached for months," Lanterman said.
NUMBERS LIKELY BLACK MARKET-BOUND
Lanterman said the Target hack appears highly sophisticated, and came at the worst possible time, before Black Friday. He said the hackers will now simply sell the numbers on the black market, for a few dollars each, while others will make counterfeit credit cards.
"They've essentially harvested a crop and now they're going to take it to market and sell it," Lanterman said.
CALL CENTERS, REDCARD WEBSITE AT CAPACITY
Customers who suspect unauthorized activity should contact Target at 866-852-8680.
"We continue to experience significantly higher than normal volume to our call centers and REDcard website, causing delays, Target said. "We are working around the clock to resolve this issue by continually adding capacity both to our call center and technical systems to meet all of our guests' needs. For example, in the last 24 hours we have quadrupled the capacity of our online REDcard account management site."
MORE ANSWERS FROM TARGET
Target addressed four specific concerns that have been common since the discovery of the credit card breach:
1. At this time, there is no indication that there has been any impact to PIN numbers. What this means is bank PIN debit cards or Target debit cards still have this additional layer of protection. It also means that someone cannot visit an ATM with a fraudulent card and withdraw cash.
2. Target has no indication that the data that was inappropriately accessed included a guest' date of birth or social security number.
3. The CVV data that may have been impacted was data in the magnetic strip and NOT the three or four-digit code visible on the card that would allow someone to make an online purchase.
4. Target has already alerted all of the networks (Visa, MasterCard, Discover and American Express) and provided the affected card numbers of customers who may have been impacted. The networks, in turn, are providing the affected card numbers to the financial institutions of Target customers via a "batch" or "CAMS alert." This alert process allows card providers to take steps to enact additional fraud monitoring. For REDcard holders, additional layers of security and fraud monitoring have been added to their cards.