If you're one of the 40 million Americans who used a credit, debit or ATM card at a Target store between Nov. 27 and Dec. 15, your account information -- including the card's security code -- may have been stolen. Merry Christmas!

Now what?

The news certainly is disturbing. The period in question spans the busiest shopping season of the year -- from the day before Thanksgiving through Black Friday and into this past weekend. But if you employ some common sense and a bit of vigilance, you and your credit history and credit score should be fine.

First, do not panic. This does not appear to be a case of full-bore identity theft or even a comprehensive breach of all of your credit information. Given what is currently known, only the information on the card you used at Target has been compromised.

Still, don't minimize the risk. The attack might have touched nearly all 1,797 Target stores in the United States, and the bad guys got away with all of the information on the cards' magnetic stripes -- customer names, card numbers, expiration dates and even those three- or four-digit verification codes known as CVVs.

No federal law requires you to be personally notified of a data-related security breach. Many states do require notification, but it can take some time. For now, you're probably on your own.

Let's get to the heart of the matter. Here's what federal fraud specialists, consumer advocates and other experts say you should do:

  • Look at your receipts or scan your memory and figure out what card or cards you used at Target during the period in question -- Nov. 27 through Dec. 15. The security of only those cards is currently believed to be at risk.
  • Reset the password attached to the online version of that account. This won't protect you against unauthorized use of the card at brick-and-mortar shops, but it might help defend against a deeper magnitude of security breach if the data thief decides to poke around in cyberspace.
  • If you used a debit or ATM card, keep a close eye on the bank account attached to that card. Go online regularly for the next few weeks -- or until authorities or your bank issues an all clear -- and look for any unauthorized transactions.
  • If you find one or more unauthorized transactions, immediately notify the bank. You must contact the card issuer within 60 days of the day the questionable statement was mailed to you. Upon learning of the problem, the issuer almost certainly will tell you to cut up the card in question and it will expeditiously send you a replacement. "They just want your credit card number," Tom Shaw, vice president of financial crimes management at USAA, the financial services company that mostly serves military families, told CreditCards.com last year during a flurry of similar data breaches. "They are agnostic as to whose name is embedded in the magnetic stripe." 
  • Know your legal liability and move quickly. Generally speaking, your liability is limited to $50 for unauthorized purchases made with your debit or ATM card. But time is of the essence: Under federal law, if you don't report illicit transactions within 60 days, you may be held responsible for the entire amount. In any case, when you report an unauthorized transaction, the bank in all likelihood immediately will deactivate your debit or ATM card and arrange for you to receive a new one.
  • If you used a credit card at Target during the period in question, go online and monitor the transactions associated with that account. Check that account frequently until authorities issue an all clear.
  • If you see anything suspicious, immediately call the credit card issuer and report the problem. In the case of credit cards, federal law also limits your liability to $50 for any fraudulent transactions.
  • If you see unauthorized transactions on either a debit card or a credit card, also contact one of the three major credit reporting bureaus and ask it to attach a "fraud alert" to your account. This service is free, and the company must share the alert with the other two companies. The initial alert stays on your accounts for at least 90 days and will make it more difficult for a thief to open more accounts in your name. The Federal Trade Commission has details on fraud alerts and on contacting the three major credit reporting companies.
  • As a precaution, go ahead right now and order a free copy of your credit report. It will serve as a pre-fraud starting point in case things go south on you in coming weeks or months as a result of the breach at Target or any other potential financial fraud. Federal law requires each of the three major credit reporting services to provide one free copy of your credit report every 12 months. When the report arrives, check it carefully for errors or suspicious activity.
  • In the unlikely event that the breach associated with the cards used at Target spreads to your other accounts, you can ask each of the three credit reporting companies to put a freeze on your credit file. This makes it less likely that thieves can open new accounts in your name, but it also means that potential creditors cannot obtain your credit report. Think of it as the nuclear option and one to be used only under grave circumstances.
  • Bottom line: If you apply modest vigilance, employ some common sense and respond quickly to any suspicious activity regarding your accounts, you should be fine.
