Thursday, July 24, 2014         

 Print   Email   Comment | View 16 Comments   Most Popular   Save   Post   Retweet

Target: 40M card accounts of holiday shoppers possibly hacked

By Anne D'Innocenzio & Michelle Chapman

AP Business Writers

LAST UPDATED: 09:32 a.m. HST, Dec 19, 2013

Target says about 40 million credit and debit card accounts may be affected by a data breach that occurred just as the holiday shopping season shifted into high gear.

The chain said customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.

The data breach did not affect online purchases, the company said.

The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," Chairman, President and CEO Gregg Steinhafel said in a statement today.

The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate and prevent future breaches. The company said it is putting all "appropriate resources" toward the issue.

Target Corp. advised customers to check their statements carefully. Those who see suspicious charges on the cards should report it to their credit card companies and call Target at 866-852-8680. Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission.

Even if Target shoppers haven't noticed suspicious activity on their credit card accounts, a Target spokeswoman said, "we encourage everyone to be vigilant."

Target hasn't disclosed exactly how the data breach occurred, but said it has fixed the problem and credit card holders can continue shopping at its stores.

The company has 1,797 U.S. stores and 124 in Canada.

"The fact this breach can happen with all of their security in place is really alarming," said Avivah Litan, a security analyst with Gartner Research.

Litan noted that companies like Target spend millions of dollars each year on credit card security measures. Given the company's heavy security, Litan said she believes the theft may have been an inside job.

Target's breach comes at the height of the holiday shopping season and threatens to scare away shoppers worried about the safety of their personal data. The November and December period accounts for 20 percent, on average, of total retail industry sales.

In Wednesday morning's trading, Target's stock dipped $1.15, or 1.8 percent, to $62.40.

The incident is particularly troublesome for Target because it has used its branded credit and debit cards as a marketing tool to lure shoppers with a 5 percent discount.

The company said during its earnings call in November that as of October some 20 percent of store customers have the Target branded cards. This holiday season, Target added other incentives to use its cards. Two days before Thanksgiving, Target.com ran a special review sale with 25 exclusive offers, from electronics to housewares for those who used the branded card.

As a result of these incentives, households that activate a Target-branded card have increased their spending at the store by about 50 percent on average, the company said.

"This is how Target is getting more customers in the stores," said Brian Sozzi, CEO and Chief Equities Strategist. "It's telling people to use the card. It's been a big win. If they lose that trust, that person goes to Wal-Mart."

Target is just the latest retailer to be hit with a data breach. TJX Cos., which runs stores such as T.J. Maxx and Marshall's, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn't detected until December 2006. In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.

At TJX, for at least 17 months, one or more intruders had free rein inside TJX's computers. Without anyone noticing, one or more intruders installed code on the discount retailer's systems to methodically unearth, collect and transmit account data from the millions of credit card and debit cards.

An even larger hack hit Sony in 2011. It had to rebuild trust among PlayStation Network gamers after hackers compromised personal information including credit card data on more than 100 million user accounts.

Greg Melich, an analyst at ISI International Strategy & Investment Group, wrote in a note published today that Target's most important goal should be to maintain "customer trust and therefore longer-term loyalty."

Litan said she doubts the breach will have much of an effect on Target's sales, noting that TJX launched sales promotions immediately following the news of its breach. The promotions increased sales.

"People care more about discounts than security," Litan said.

AP Technology Writer Bree Fowler reported from New York.

 Print   Email   Comment | View 16 Comments   Most Popular   Save   Post   Retweet

You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
awahana wrote:
I used to always make a point to shop at Target when I visited the mainland.
But the Target on Oahu is not the same. I hate it. I avoid it.
Why you ask?
Their customer service needs more training. They can't even do returns correctly. Takes 40 minutes to do any price match. And you have to have the actual newspaper ad of the competitor. You cannot print from the web site. You cannot show them your smartphone or tablet. They will not honor it. And even if you do bring the competitors ad, they have to go and ask at least 3 other associates if they should do the PM. Then they all say, 'ask the MOD.' And then you have to wait until they locate the Manager On Duty. And then when the MOD shows up, the process starts all over again. They start calling the competitor to see if the price is correct, and its in stock. Then they call Kapolei to see what they are selling it for. OMG.
They trolley bus over Japanese tourists from waikiki and so they have everything overpriced at the Iwilei store, to take advantage of the tourists. Walmart Keeaumoku does this too, but not on every item. Target does it on half the store. I found $10 Kapolei Target items marked as $45! Then they act like its a mistake when you point it out. And then when you come back a week later, still the same. Outrageous. So wrong.
I don't even bother going there or looking at any of their ads anymore.
But I do hope they stick around. I need their prices for price matching elsewhere! LOL.
on December 18,2013 | 09:05PM
aomohoa wrote:
Wow, did you take your cranky pill this morning. I go to Target and Kapolei all the time and the employees are very nice and I always have a positive experience.
on December 19,2013 | 07:47AM
NanakuliBoss wrote:
Must have gone in aomo Rail pill bottle.
on December 19,2013 | 08:19AM
I agree. I dont shop there often, but have not had the experience that awahana has had.
on December 19,2013 | 09:04AM
retire wrote:
Amen, I stopped shopping their for the same reasons, plus the won't honor my coke rewards coupons, even though they sell coke products. And if you check at all, most of their household goods are made in China and substandard.
on December 19,2013 | 09:12AM
hilopango wrote:
There's no Target in Iwilei...are you sure you know what you're talking about?
on December 19,2013 | 10:03AM
awahana wrote:
Apologies. Salt lake.
on December 19,2013 | 11:30AM
eoe wrote:
40,000,000 people had their credit card and personal information stolen online. I'm outraged. I'm sure Rush and the rest of the right wing champions of the people will be all over this - marathon coverage on fox for the next two weeks exposing what a bunch of incompetents Obama and the rest of the govern... what's that? This story is not about the online exchange? Oh, the data was stolen from one of the largest private sector companies in the world whose e-commerce systems have been in place for 15 years? *crickets chirping*
on December 19,2013 | 05:00AM
You're gonna blame Obama for this? Would you like to throw George Bush, Clinton and your mother on to the top of this heap? Incredible audacity you have to interject your irrational thought.
on December 19,2013 | 09:08AM
eoe wrote:
Maybe you should read the comment fully.
on December 19,2013 | 09:41AM
nodaddynotthebelt wrote:
Need more mental fitness.
on December 19,2013 | 12:37PM
krusha wrote:
I just shopped there on the 15th... At least I didn't use my debit card.
on December 19,2013 | 06:03AM
iwanaknow wrote:
I shopped Nov 30, 2013..............needless to say I'll be checking carefully.
on December 19,2013 | 08:21AM
RandolphW wrote:
I guess I will have to face the fact than none of my credit cards and debit cards are truly secure, and I will have to check the statements periodically during the billing cycle, and before the end of each statement date. I have a red Target credit card, and I have only used it once, which was sometime before this reported incident. Apparently, none of the credit and debit cards are completely safe from hackers, and it is especially frightening that some of these incidents have be perpetrated by insiders or employees.
on December 19,2013 | 09:39AM
eoe wrote:
You should actually face the fact that no computer attached to the internet is secure, period.
on December 19,2013 | 10:19AM
thanks4reading wrote:
By law, you have 60 days from the date that you receive a credit card bill to dispute any charge (dispute must be in writing). So if you get ripped off by a mechanic, you can reverse the charges. If you order something online and it is not as advertised, you can reverse the charge (as long as you return the item).
on December 19,2013 | 10:27AM
Breaking News