Credit card info hacked again

[Chuckanut]

So Target now has up to 70 million customers put at risk. And Neiman Marcus has an unknown number at risk.

Are we having fun yet?

At least there is no chance Neiman Marcus can reveal anything about me. They don't let rabble like me buy anything from them. It's to dangerous to their reputation.

 

[Walt34]

I'm probably safe too. I once walked past a Neiman Marcus store ~20 years ago.

 

[Htown Harry]

I usually go into Target about twice a year. Unfortunately, the most recent time was in early December, when I used a credit card.

I rarely worry about the boogie man on the internet or in financial transactions. Even now, I say my alert level has only risen from a 1 to 3 on a 10 point scale. If I had used a debit card, it might be higher.

Still, I might be motivated to take Target up on their monitoring offer if the sign-up hassle is low and the monitoring service doesn't bombard me with messages related to normal transactions.

Anyone else giving it some thought? Or would calling Visa for a new credit card serve essentially the same purpose?

https://corporate.target.com/discover/article/Target-to-offer-free-credit-monitoring-to-all-gues

January 10, 2014
We understand our guests are eager to sign up for free credit monitoring and identity theft protection.

More details will be coming next week...

The service, which will be available to all guests who shopped our U.S. stores, will include a complimentary credit report, daily credit monitoring, identity theft insurance where available, and access to personalized assistance...

 

[REWahoo]

Harry, I'd definitely take them up on free monitoring. I think the issue goes beyond someone making a fraudulent charge on your CC account - the real concern is identity theft which is a far greater headache for the victim.

DW used her debit card at Target during the time the problem occurred. She was notified last week that USAA was replacing her card, which makes me very concerned about the possibility of identity theft. We will definitely use the offered credit monitoring service to help keep an eye on anything out of the ordinary.

 

[MichaelB]

Anyone else giving it some thought? Or would calling Visa for a new credit card serve essentially the same purpose?

+1@REWahoo

From the link

The service, which will be available to all guests who shopped our U.S. stores, will include a complimentary credit report, daily credit monitoring, identity theft insurance where available, and access to personalized assistance.

Changing cards prevents new unauthorized charges but does nothing to prevent ID abuse. The data theft includes information that could help set up a bogus account. Keep in mind the encrypted PIN file was also breached.

I shopped in Target during the breach period and might take them up on this offer, not because I am concerned, but as a no-cost way to explore these credit monitoring services.

 

[Dreamer]

I used my debit card at Target during this time. My credit union has already sent me a new debit card and I do plan on taking advantage of the credit monitoring services. Identity theft is a scary thing!

 

[Midpack]

I hadn't read they'd been hacked again, just that it involved more customers/data all along.

No problems so far for us knock on wood, we're still checking CC activity daily.

We were weekly Target shoppers but we haven't been back since the story broke. We're going to visit Costco today with the intent to join, so we have something to augment our local grocery store. May be an overreaction, but it's hard to trust Target after such a massive breach...YMMV

 

[ERD50]

So Target now has up to 70 million customers put at risk. ....

I'm trying to understand these numbers. Isn't the adult population of the US about 300 million? Are we really talking almost one in four adults have shopped at Target in this time frame? Did the hack get into every terminal in every store?

-ERD50

 

[ERD50]

...May be an overreaction, but it's hard to trust Target after such a massive breach...YMMV

Or maybe with all this attention, they are the safest store to shop at? I can't imagine a hacker trying to get in there now with all the investigations going on. Wouldn't that be like trying to rob a bank while all the cops/investigators are still on the scene from a bank robbery earlier that day?

-ERD50

 

[MichaelB]

I'm trying to understand these numbers. Isn't the adult population of the US about 300 million? Are we really talking almost one in four adults have shopped at Target in this time frame? Did the hack get into every terminal in every store?

-ERD50

Over 1.1 billion credit cards outstanding, according to the US Census Bureau. https://www.census.gov/compendia/statab/2012/tables/12s1188.pdf

Edit: For a more complete response, 1.2B credit cards, 500M debit cards, total 1.7 billion cards.

 

[Chuckanut]

She was notified last week that USAA was replacing her card, which makes me very concerned about the possibility of identity theft. We will definitely use the offered credit monitoring service to help keep an eye on anything out of the ordinary.

The best defense we have at the moment (besides not doing foolish things ourselves) is to put a FREEZE on your accounts with the three credit reporting agencies. Nobody can open an account under your name and SS while your account is frozen. Alas, it is a profit center with the charge being up to $10, depending upon your state, to freeze and thaw an account.

OTOH, if one has talked to a person whose identity has been stolen, one knows that the freeze/thaw is nothing compared to the hassle of working through an identify theft.

 

[easysurfer]

I think the number is now up to around 110 million:

Target data breach affected personal info from up to 110mn customers ? RT USA

But on Friday Target announced that the ongoing investigation into the fraud showed that other customer information as well as the originally reported payment card data had been stolen.

Affecting as many as 110 million customers, the stolen information included names, mailing addresses, phone numbers and email addresses of customers who had swiped their cards outside the 19-day breach period, according to Molly Snyder, a Target spokeswoman.

 

[Midpack]

Or maybe with all this attention, they are the safest store to shop at? I can't imagine a hacker trying to get in there now with all the investigations going on. Wouldn't that be like trying to rob a bank while all the cops/investigators are still on the scene from a bank robbery earlier that day?

Could be, but if it was that easy to correct (they were giving assurances literally overnight), how did it happen to begin with?

And I'm a believer in 'fool me once shame on you, fool me twice shame on me...'

We've considered joining Costco for years, good time to give them a try in lieu of Target to us.

I also find it hard to believe 1/4th to 1/3rd of the US population shopped there during the 3-4 weeks in question. Will be interesting to see what store revenues/traffic do this quarter and thereafter.

 

[Chuckanut]

I'm trying to understand these numbers. Isn't the adult population of the US about 300 million? Are we really talking almost one in four adults have shopped at Target in this time frame? Did the hack get into every terminal in every store?

-ERD50

The names and other information of 70 million people were probably collected over a long period of time.

Krebs explains these things much better than I can:

Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen — Krebs on Security

Hackers Steal Card Data from Neiman Marcus — Krebs on Security

 

[Chuckanut]

Or maybe with all this attention, they are the safest store to shop at? I can't imagine a hacker trying to get in there now with all the investigations going on. Wouldn't that be like trying to rob a bank while all the cops/investigators are still on the scene from a bank robbery earlier that day?

-ERD50

I think the danger is that the register hacks may not be the only way they compromised Target's security.
They might still have something lurking in the background, though I imagine the security experts are busy 'sanitizing' the entire Target computer system.

 

[Chuckanut]

I wonder if the chip and pin cards would offer more real protection. I would think that at the very least, a Target shopper could change the pin used by the card, thus making that bit of information useless to the crooks.

Keep in mind that the crooks are still selling batches of credit card information to other crooks. (I'll take 500 numbers in this zip code, please.) So, Target shoppers have to be watchful for months as more and more of the CC information is sold to other crooks.

 

[jetpack]

My World Mastercard offers Identity Theft Resolutions Services for free. They can lockdown your credit reports, get free credit reports from the 3 agencies, and a resolution kit.

 

[scrabbler1]

Makes me more glad I use cash for most of my purchases although I have been using my newly acquired cashback CC more in the last 6 months (not at Target). I last shopped at Target in early 2013 but paid cash.

 

[Gotadimple]

I'm trying to understand these numbers. Isn't the adult population of the US about 300 million? Are we really talking almost one in four adults have shopped at Target in this time frame? Did the hack get into every terminal in every store?

-ERD50

No, 1 in 4 adults may have shopped at any time and were registered on their website. The additional 70m identified were registered site users, not shoppers during Thanksgiving.

Rita

 

[MRG]

Or maybe with all this attention, they are the safest store to shop at? I can't imagine a hacker trying to get in there now with all the investigations going on. Wouldn't that be like trying to rob a bank while all the cops/investigators are still on the scene from a bank robbery earlier that day?

-ERD50

Interesting observation, maybe the safest. Maybe the bad guys are next door, hacking XYZ store.

Probably coincidence, we don't shop at Target. Last week I received a security alert from pay-pal, someone was attempting to hack it. We don't use it either, they quickly deleted the account at my request.
MRG

 

[Bestwifeever]

I believe the people most at risk for identity theft are those who shopped there with credit or debit cards during the late November to mid December period (when their account info was "compromised") AND had shopped there or online at any time previously when they might have provided personal information such as email addresses, etc.--one source I read this morning said the compromisers can now combine the account info and the personal info to recreate and manipulate identities.

Re chip and pin--can a user change the pin or is it embedded in the chip and provided when the card is issued? For some reason I thought the latter. Eta: never mind, apparently you can change the pin at will using an ATM or at a bank, just like the chipless cards' pins.

 

[Rustic23]

This summer we were notified that data from a previous employer had turned up in a file in a foreign country. We froze our credit accounts at that time. Other than going through the process, that was all online, it was painless. Thirty dollars to do all three. If you don't plan on getting a new cell plan, mortgage, credit card or other line of credit, it is a one time charge. We had two outstanding credit cards at the time and both continued to work fine.

In Oct, after a trip to D.C. we had on of our credit cards cloned. The credit freeze had no effect on getting a replacement.

A couple of thoughts, we only froze my record, not DW's. Most likely should do this.
Second, make sure you save the numbers the agencies send you. You need them to remove the freeze if you ever need to.

 

[ERhoosier]

This risk ain't just one store or credit card company, it's everywhere. A few yrs ago the VA was badly hacked & notified me my data was compromised (both as a vet & former employee). They gave me free yr's credit monitoring & luckily nothing else came of it. More recently one of my doc's sent me a letter that their billing service had been compromised. Etc, etc, etc.
Short of regressing to pure barter system & living in a cave, IMHO Rustic23's advice to freeze your credit is prob best solution. You can still get more credit if you want (CC's, car loans, etc.), just requires more verification steps & takes longer to accomplish. Small price to pay for extra protection in this electronic age

 

[Alan]

I hadn't read they'd been hacked again, just that it involved more customers/data all along.

No problems so far for us knock on wood, we're still checking CC activity daily.

We were weekly Target shoppers but we haven't been back since the story broke. We're going to visit Costco today with the intent to join, so we have something to augment our local grocery store. May be an overreaction, but it's hard to trust Target after such a massive breach...YMMV

OP wasn't referring to Target, he was commenting on the Neiman Marcus CC data breach

Neiman Marcus confirms data breach, offers few details - The Washington Post

 

[Rustward]

We were weekly Target shoppers but we haven't been back since the story broke. We're going to visit Costco today with the intent to join, so we have something to augment our local grocery store. May be an overreaction, but it's hard to trust Target after such a massive breach...YMMV

Do you think this can't happen to Costco?