Welcome to College Confidential!

The leading college-bound community on the web

Sign Up For Free

Join for FREE, and start talking with other members, weighing in on community discussions, and more.

Also, by registering and logging in you'll see fewer ads and pesky welcome messages (like this one!)

As a CC member, you can:

  • Reply to threads, and start your own.
  • Post reviews of your campus visits.
  • Find hundreds of pages of informative articles.
  • Search from over 3 million scholarships.
Please take a moment to read our updated TOS, Privacy Policy, and Forum Rules.

Target credit/debit card security breach

145791015

Replies to: Target credit/debit card security breach

  • MomofWildChildMomofWildChild Registered User Posts: 21,836 Senior Member
    I am not behind the scenes at Target, so I can't really answer your questions. It takes some time to figure out what needs to be done and who needs to be notified. Continuing to use the cards didn't really hurt any consumers and the consumers aren't out any money. I know it is very inconvenient- I did not get caught in this breach but I have been caught in others (the most recent one my bank would not tell me what retailer had the breach) and I HATE getting a new card. My card is linked to a lot of sites, auto-payments etc. There are laws governing when a company has to notify the consumers, and I'm sure Target complied.
  • LasMaLasMa Registered User Posts: 10,847 Senior Member
    Thanks, MOWC. It just strikes me that Target continues to handle this very badly from a PR standpoint (which I know is sometimes at odds with the legal considerations). These days I think the accepted wisdom is that the company should get out in front of the story, be the one to announce it rather than get caught having to confirm it from other sources, etc. I believe that drip-drip-drip is to be avoided if possible.

    Last week, they were insisting that PINs were not captured by the hackers. I'm with you -- replacing a card is inconvenient, but we did it anyway the day after the first announcement. In view of the latest revelations, I'm glad we did.
  • MomOf3StarsMomOf3Stars Registered User Posts: 822 Member
    My bank has a notice on their website stating that they have received a list of card numbers that were possibly compromised and would be notifying the cardholders. Today I received a letter that they are issuing me a new card and that effective 1/5 my current debit card will be cancelled. I appreciate that they have been so proactive.
  • HImomHImom Registered User Posts: 29,750 Senior Member
    Went to target today with sisters and mom. I paid cash because I'm not convinced how well they fixed security. It seemed pretty thin of shoppers. My sister was thrilled to be buying Christmas things for 90% off! That was a good price but I just didn't want to store anything! They had small bottles of Goo Gone for $1. They had rubber ducks for $1 apiece. They had cello gift bags 20 for $1. They also had the Cascade Platinum dishwasher packets 2 for $22 and $5 gift card back!

    My sis used credit card and figures they MUST have fixed things and "lightening can't strike twice!"
  • teriwttteriwtt Super Moderator Posts: 12,525 Super Moderator
    ^^^ Actually the safest time I ever feel when I fly is right after a major plane crash, so I agree with your sister's thinking.
  • lindz126lindz126 Registered User Posts: 1,915 Senior Member
    Wonder when they really discovered how far reaching the security breach was. Somehow I think they hid this until after the Christmas shopping period.

    Target says up to 70 million more customers were hit by December data breach - The Washington Post

    "Affected customers will be sent an e-mail providing them with general security tips, said Target, adding that no personal information would be requested in the e-mail. The Minneapolis-based retailer is also offering one year of free credit monitoring and identity theft protection to all shoppers."

    Has anyone received this email? I used my cc at Target during this period but have not received any email as of yet.
  • actingmtactingmt Registered User Posts: 1,900 Senior Member
    No email. I used mine during that period. And many other times before and after. And again today. I don't think they have my email, actually.
  • WellspringWellspring Registered User Posts: 1,025 Senior Member
    My bank sent me a new card yesterday, unbidden, because of the Target breach.
  • ucbalumnusucbalumnus Registered User Posts: 63,541 Senior Member
    lindz126 wrote:
    Wonder when they really discovered how far reaching the security breach was. Somehow I think they hid this until after the Christmas shopping period.

    If "they" means the crackers (who are probably better at this stuff than corporate IT departments), then of course they are trying to hide the breach -- their goal is to not be detected as long as possible while continuing to steal information.

    Regarding this second discovery, the news articles do not mention where the names, addresses, etc. came from. Would they be from on-line purchases, or Target credit cards?
  • arabrabarabrab Registered User Posts: 5,946 Senior Member
    Target is rapidly losing any sympathy I had for them with this dribble out of information, some of which (particularly concerning PINS) contradicts what they said earlier -- and there is still no path for the id theft monitoring they promised back in December.
  • CT1417CT1417 Registered User Posts: 4,082 Senior Member
    It was either CNN or the NYT, but somewhere tonight I read that Target requires ID when purchasing wine. Instead of simply verifying the purchaser's age, the cashier swipes the card through her register. I sense there is a great deal of data compiled.

    Some excerpts from tonight's NYT article.

    I would be putting a freeze on my credit, if I didn't have one already!

    Security experts say that clever hackers could potentially piece together customers’ stolen information for identity theft or for use in a so-called spear phishing attack, in which hackers send a highly tailored emails to victims asking them to click on a link or download an attachment that, once opened, gives hackers a foothold into their computers and employers’ networks.

    After the initial breach, Target said that it had protected customers’ payment information with encryption and that it had stored the keys to descramble it on separate systems not affected in the breach. But the encryption algorithm Target used to protect that data — a standard known as triple DES, or 3DES — is vulnerable in some cases to so-called brute force attacks, when hackers use computers for high-speed guessing. In a breach on Adobe last year, hackers were able to bypass 3DES encryption through brute force attacks and exposed tens of millions of Adobe passwords within weeks of the breach.

    “In Target’s case, what this highlights is that the point-of-sale systems customers use to swipe their credit cards are connected to the corporate network like everything else. There is lots of opportunity to compromise individuals through point-of-sale machines and then pivot to the corporate network.”

    Mr. Ghosh said he suspected that hackers might use the trove of email addresses to send spoofed correspondence from Target, asking users for more information than they would typically be asked to enter, such as a mother’s maiden name or a Social Security number, that hackers could use for identity theft, or to take their credentials and use it for cybercrime.
  • FlossyFlossy Registered User Posts: 3,121 Senior Member
    Target also swipes ID for returns without receipt and check writers. It's a lot of data. I've definitely had my ID swiped at Target a bunch of times. But not during the dates in question. Whew!
  • lindz126lindz126 Registered User Posts: 1,915 Senior Member
    ucb--I was saying I suspect Target withheld this additional finding not the hackers.

    I used a cc not a Target card, and as Arabrab stated, it is irritating that that they have not provided any idea as to signing up for the promised "free credit monitoring" I had this situation occur previously twice with other similar security breaches and the free monitoring was immediately and simply offered.
  • CT1417CT1417 Registered User Posts: 4,082 Senior Member
    lindz---they have finally announced that they will offer free monitoring but it doesn't sound as though they are ready for the slamming volume of requests they will receive. Probably need to ensure the credit monitoring doesn't get hacked.

    https://corporate.target.com/discover/article/Target-to-offer-free-credit-monitoring-to-all-gues
  • dragonmomdragonmom Registered User Posts: 5,642 Senior Member
    "It was either CNN or the NYT, but somewhere tonight I read that Target requires ID when purchasing wine. Instead of simply verifying the purchaser's age, the cashier swipes the card through her register. I sense there is a great deal of data compiled."

    My local Target justs asks for your date of birth . I rattled mine off one time and my son got on my case "would you recite your SS# in public?" So now I just give them a fake one. ( can I get arrested for that?). Being vain, I shave 5 years off my age. In retrospect, I should be adding 5 so that people think "Dang, she looks good for 60" instead of "I hope I look better than that at 50".

    I didn't get any email from them, but I've never given them my email and given the security breach wouldn't open one if I got it...
145791015
This discussion has been closed.