NEW YORK (CBSNewYork/AP) — Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.
The chain said that customers who made purchases using their cards at its U.S. stores between Nov. 27 and Dec. 15 may have been exposed.
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.
It said it is putting all “appropriate resources” toward the issue.
“Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue,” the company said in a statement Thursday.
According to the security industry website Krebs on Security, identity thieves hacked into Target’s system of 40,000 credit card machines at stores nationwide and stole the information stored in the magnetic strip.
“It sounds like the actual payment software was hacked with a piece of malware or some other kind of security breach in the actual credit card processing itself and that’s not very common,” said Professor William McGeveran, an information law expert.
Secret Service spokesman Brian Leary confirms the agency is investigating, but declined to provide further details.
Experts said that given the company’s heavy security the breach could have been an inside job, CBS 2’s Andrea Grymes reported.
The breach comes during the height of the holiday shopping season and consumers say it a big concern.
“I almost only use credit cards all the time, so that scares me,” said shopper Alicia Davis.
Consumer credit experts recommend watching your bank statements very closely for any unauthorized transactions. If you’re worried, you can changed your account number or personal identification number and keep your receipts in a safe place or shred them.
If you think your information may have been stolen, experts say you should contact your bank immediately.
“Put a security freeze on credit reports, that will protect 90 percent of the identity theft threat. If somebody can’t pull your credit report, they can’t open new accounts or access new lines of credit,” said consumer credit expert Paul Oster.
Karin Price Mueller, a consumer writer for The Newark Star-Ledger, told WCBS 880’s Wayne Cabot that Target customers could become victims months down the road.
“Now, in a case like this, if your information was stolen and is being sold on the black market to other bad guys, you don’t know when they’re potentially going to try to use it,” she said. “They might try to access other information about you — stuff that’s out there in the public — so that they can end up applying for new loans or new credit cards. So you can steps to protect yourself that way by contacting the credit bureaus about what might have happened to you.”
New York state Attorney General Eric Schneiderman has also urged Target customers to stay aware of any suspicious activity on their accounts, WCBS 880’s Irene Cornell reported.
“But New Yorkers have to be safe. We know a lot of people are shopping this holiday season. It’s very important to take these simple steps. Again please, if you think you’re a victim you want to get a fraud alert. If you know you’re a victim you want to get a freeze on your account,” Schneiderman said.
Holiday shoppers at the Target on 116 Street told CBS 2’s Dick Brennan that they still plan to buy, but very carefully.
“I went to the ATM and got cash,” shopper Samantha Dareff said.
“I felt a little nervous but I have to finish my Christmas shopping,” Maria Saliba told Brennan.
Attorney General Schneiderman has also called on Target to help protect its customers, Brennan reported.
“Were asking them to provide one year of credit monitoring service to any New Yorker at risk to assure accounts are protected from suspicious activity,” Schneiderman said.
Target has advised customers who suspect there has been unauthorized activity on their cards to call them at 866-852-8680 or visit corporate.target.com for more information.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” Chairman, President and CEO Gregg Steinhafel said in a statement.
Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx and Marshall’s, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud.
The breach wasn’t detected until December 2006. In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.
Check Out These Other Stories From CBSNewYork.com:
[display-posts category=”news” wrapper=”ul” posts_per_page=”4″]
(TM and © Copyright 2013 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2013 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)