Target: 40M accounts could be affected in breach

Published: .
Updated: .

Target says about 40 million credit and debit card accounts may have been affected by a data breach.

The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15. The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.

The data breach did not affect online purchases, the company said.

The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.

In light of the news, some people who had shopped the Southport Target Thursday had changed their payment habits.

"I paid with cash today because of the story that you ran this morning. The wife and I were looking at it and got concerned," said shopper Jeff Lawson.

"I always look at my ticket now because before I never did but it's pretty scary to think that somebody could do that," said shopper Barbara Radford.

Others say there's a risk no matter how you pay.

"It is about the same as carrying cash, you get pickpocketed or you pull your phone out and drop it, it's just a lot easier to carry your card around," said shopper Nathan McCoy.

"Unfortunately, it is a sign of the times the way hackers are out there and getting everybody's information and then using your account. Yeah, it is kind of scary," said shopper Steve Schoch, who used his debit card. Experts say those shoppers are especially at risk.

"That is a little more serious, not only because it is not as automatic with a debit card in terms of refunds and reimbursements as it is with credit cards, but also because it is your bank account," said Abby Kuzma, Director of Consumer Protection for the Indiana Attorney General's Office.

She recommends changing your PIN immediately since that information may have also been compromised. You should then request a new card.

She says just because you may not see suspicious activity on an account now, don't assume you're clear.

"Most of the time the impact happens quickly but there are reports of impact many years later even," she said.

Contact your bank or credit card issuer for additional tips, and be sure to review your credit report.

Target has set up a number for concerned shoppers at 1-866-852-8680.

Target has 1,797 U.S. stores and 124 in Canada.

Target breach Q&A

Here are some answers to the most common questions about the theft:
Q: I shopped at Target during that time. What should you do?
A: Check your credit card statements carefully. If you see suspicious charges, report the activity to your credit card companies and call Target at 866-852-8680. You can report cases of identity theft to law enforcement or the Federal Trade Commission.
You can get more information about identity theft on the FTC's website at, or by calling the FTC, at (877) IDTHEFT (438-4338).
Q: How did the breach occur?
A: Target isn't saying how it happened. Industry experts note that companies such as Target spend millions of dollars each year on credit card security, making a theft of this magnitude particularly alarming.
Avivah Litan, a security analyst with Gartner Research, says given all the security, she believes the breach may have been an inside job.
Litan says Target's breach suggests that current security standards aren't working.
"It's really a wake-up call to the banking industry, but they never seem to wake up," she said.
James Lyne, global head of security research for the computer security firm Sophos, says something clearly went wrong with Target's security measures.
"Forty million cards stolen really shows a substantial security failure," he says. "This shouldn't have happened."
Q: Why is the Secret Service investigating?
A: While it's most famous for protecting the president, the Secret Service also is responsible for protecting the nation's financial infrastructure and payment systems. As a result, it has broad jurisdiction over a wide variety of financial crimes. It isn't uncommon for the agency to investigate major thefts involving credit card information.

(Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)