As soon as Amie Vetter read about the Target security breach yesterday, she decided to go online and check her credit-card account. That's when the Delaware woman discovered that she was among the 40 million Target customers who had been affected by the massive data breach.
As soon as Amie Vetter read about the Target security breach yesterday, she decided to go online and check her credit-card account.
That's when the Delaware woman discovered that she was among the 40 million Target customers who had been affected by the massive data breach.
"Sure enough, there were charges from various online retailers that neither I nor my husband had made," Vetter said.
Worried about fraud? Learn what you can do
Target said criminals gained access to its customers' credit- and debit-card information on Nov. 27 - the day before Thanksgiving and just ahead of one of the busiest shopping days of the year - and maintained access through Dec. 15.
"As of Dec. 15, we identified an unauthorized access and were able to resolve the issue," Molly Snyder, a Target spokeswoman, said in an email.
The breach could hardly come at a worse time of the year for the retailer, during the final surge of Christmas shopping. The holiday shopping season can generate 20 percent to 40 percent of a retailer's annual sales, according to the National Retail Federation.
The charges on Vetter's credit card dated to Dec. 6, she said, "and as early as just yesterday."
Vetter immediately called her bank and put a stop on the credit card. She also plans to contact the office of Ohio Attorney General Mike DeWine, "and I was thinking about filing a police report to get it investigated even more because some of the companies won't tell me anything about the transactions."
Criminals stole customer names, credit- or debit-card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped at its stores, Target said. The company noted that online customers were unaffected by the breach, which appears to have been isolated to checkout systems in Target's retail stores.
Checkout systems have become a major target for cybercriminals in recent years. By breaching them, they can steal the so-called track data on credit and debit cards, which can be sold, in bulk, on the black market and used to create counterfeit cards.
Snyder said some Target Red Card holders were having trouble accessing their accounts online yesterday. She said Target was working to fix the problem as quickly as possible.
While the 40 million customers affected in the Target case put it among the top five credit-card breaches, it's not the biggest, said Boston-based security consultant Robert Siciliano, CEO of IDTheftSecurity.com.
The biggest case occurred in 2011, Siciliano said, when a hacker exposed the credit-card information of more than 100 million user accounts on the Sony PlayStation video-game network.
"Regardless, consumers need to be aware," Siciliano said, "because chances are good their cards will be compromised over the coming weeks until the banks and credit cards reissue new cards."
Those who have been affected shouldn't panic, said Kip Morse, president and CEO of the Central Ohio Better Business Bureau.
"You are not liable for any fraudulent charges on your account," Morse said.
And the chances are good that Target and affected banks will take other steps to placate ripped-off customers, said Daren Orzechowski, a lawyer who focuses on information-technology legal matters.
"Target or the credit-card company may have to offer these customers something, such as credit monitoring, to protect them from suffering any monetary losses and to preserve goodwill," he said.
Target already has issued a warning on its website and said it has been working with banks and credit-card issuers to alert consumers. Target said it has alerted federal authorities and financial institutions and is working with a third-party forensics firm on an investigation.
"You can expect to hear from your bank if your card information is identified as having been compromised," Morse said, "and you can always call the customer service number on your card if you have a question."
While tens of millions of Target customers may have been affected by the security breach, few had called DeWine's identity-theft unit.
"We have not been inundated with calls at this point," DeWine spokesman Dan Tierney said yesterday. However, "our call center and identity-theft unit are on alert to be ready for calls from affected individuals."
Information from The New York Times was included in this story.