Target Corp. confirmed Thursday it has identified and solved a data breach that may have affected 40 million credit and debit card accounts used in stores nationwide between Nov. 27 and Dec. 15, 2013.
The compromised data involves the type stored on the magnetic strip of cards that were used at stores: customer name, credit or debit card number, the card's expiration date and CVV (three-digit security code).
"Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause," Target said in a statement. "The privacy and protection of our guests' information is a matter we take very seriously and we have worked swiftly to resolve the incident."
TARGET.COM NOT AFFECTED
The Target.com website is not believed to have been affected.
WHAT SHOULD YOU DO?
If you shopped at a Target store between Nov. 27 and Dec. 15, 2013, you should check your account for any suspicious or unusual activity. If you see something that appears fraudulent, REDcard holders should contact Target, others should contact their bank.
Customers who suspect unauthorized activity should contact Target at 866-852-8680.
You may also contact the Federal Trade Commission or police to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. Visit www.consumer.gov/idtheft or call the FTC at (877) IDTHEFT (438-4338) for more information.
BANKS ON ALERT
Target said it immediately alerted law enforcement and banks after the data breach was discovered. Target is also working with a third-party forensics firm to investigate the incident further.
The Star Tribune cited a spokeswoman from American Express Co., who confirmed that the company is aware of the breach and has put fraud controls in place; however, the company has not noticed any fraudulent activities on its customers' cards.
The data stolen would allow crooks to counterfeit cards by encoding the information onto any card that has a magnetic stripe, according to security expert Brian Krebs. If the thieves were able to intercept PIN data in debit transactions, they may be able to recreate debit cards and withdraw cash at ATMs, Krebs on Security warned.
Investigators: Cyber safe crackers