Target Security Breach Nov 27th-Dec 15

madforLEGO

Hi Everyone, I know this is not directly LEGO related but Target had a major security breach that has exposed credit card and debit card info between Nov 27-Dec 15th I believe this was mainly at Stores, but not sure.
So keep an eye on statements everyone and have a safe holiday and New Year

starfire2

I saw that on the CNN news feed 2 days ago. Definately something to take seriously.

ColoradoBricks

^^ yes, It is only in store purchase, not from target.com. If payed with a Target Red Card, it at least limit where the CC/DC can be used fraudulently...

madforLEGO

Yeah, the ONE time I pay with my Bank debit card and use my pin at a Target as well. So I went to the Chase by me and had the card cancelled and get a new one in its place. Apparently I was not the only one, about 60 people came in to my local branch to have their cards replaced with a new card number.
I know that the odds of something happening are low, chase has been watching for questionable activity anyway (especially since this occurred) and I'll have to replace my card number if I have it at any auto pay for bills and what-not, but it was worth the 5 minutes it took to get the new card than if something happened.

nkx1

^Same here. We virtually always pay with the Red Card (only my wife has one; I never bothered to get one). Of course, the last two times we visited Target (during the date range in question), we forgot the card and paid with a different credit card. Oh well, I guess we'll see when/if we got our info stolen. I'm not really worried other than possibly incurring the inconvenience of ordering a new card and disputing fraudulent charges.

BTHodgeman

From what I've been hearing, the Red Card holders (especially debit) may be more exposed than others. Allegedly (and I hope this is false!), the method 'they' used to steal the card info also provided 'them' with the PIN numbers. Given that the Red Debit card is linked directly to a bank account, it's a potential headache waiting to happen.

I've been trying to access my Target Red Card account all day, but their site is inundated. Good luck calling them as well...

Bad time of year for this all to happen... especially for Target with 3 of the 4 biggest shopping days yet to happen...

ninjagolightly

I've been trying to cancel my debit Red Card all day. Both phone and website totally unreachable. I'm thinking there will be a class action suit out of this. Not only allowing the accounts to be compromised, and then failing to notify account holders of that, but then not even enabling people to close those accounts... that's unheard-of. My bank says the only way to prevent unauthorized charges is to close my bank account... they have no way of withdrawing or blocking the electronic transfer authorization I signed to get the Red Card on their side.

LegoFanTexas

^ Sadly the banking system in the US is rather backwards that way... You should be able to control what comes in and out of your account, but the ACH system doesn't really allow that level of control.

Frankly, given the ACH system in this country, closing and opening a new bank account every other year is not a terrible idea... It is just a PITA for all the auto-draft stuff.

BTHodgeman

@ninjagolightly - Your bank absolutely should be able to block the ACH from Target if you request that from your bank. They're probably just being lazy...

They can put an ACH Debit block on your account for the entire account or a specific merchant. (The debit block would prevent debits from your account but not credits, i.e. Direct Deposits.)

I'd try your bank again if you get nowhere with Target today. FWIW, I was able to login to my Red Card account last night and there was nothing abnormal.

ninjagolightly

I still have not been able to reach target to cancel my red card, after 48 hours.
This is absolutely unacceptable. They should have proactively cancelled all cards used in the compromised timeframe if they were unable to handle individual cancellation requests. They are exposing their customers to atrocious additional risk. The email that they finally sent, which was nothing but mealy-mouthed CYA with no remedy, was also unacceptable. I have never had a bad in-store experience at Target, but I am absolutely furious at them right now. Normally I'm against suing companies for every little thing, but this is gross and unnecessary negligence compounded. It's going to be a textbook case in business school of how not to handle a crisis.

Thank you for the ACH Debit block advice, I will speak to my bank about that tomorrow and try using that term on them to see if I get anywhere.

Brickarmor

My wife spoke with the bank today and they said that Target is sending out lists of at risk accounts, and we were not on it. Apparently when someone's bank receives the list, the account holder at risk is then notified. Checked our accounts, too, nothing abnormal...except for this repetitive-compulsive amount spent on Lego...?!

starfire2

They are offering 10% off purchases at Target Saturday 12/21 and Sunday 12/22 to apologize to guests. Brick & Mortar stores only.

LegoMom1

starfire2 said:

They are offering 10% off purchases at Target Saturday 12/21 and Sunday 12/22 to apologize to guests. Brick & Mortar stores only.

If they made it 25% I might be interested. :)

snowtyger

we didn't hear about the 10% until we walked in; its 'select items' not including gift cards (the one thing we did buy). I might check out their televisions tomorrow

starfire2

LegoMom1 said:

starfire2 said:

They are offering 10% off purchases at Target Saturday 12/21 and Sunday 12/22 to apologize to guests. Brick & Mortar stores only.

If they made it 25% I might be interested. :)

Be happy it's anything. Target didn't cause the hack.

starfire2

snowtyger said:

we didn't hear about the 10% until we walked in; its 'select items' not including gift cards (the one thing we did buy). I might check out their televisions tomorrow

10% excludes Apple products, Bose, and Beats by Dr. Dre.

madforLEGO

10% is nice, considering they did not have to do it. But doing this during the last weekend before Christmas (instead of waiting a weekend AFTER will keep me away from any Retail stores for the most part. It seems to me as much as this is an apology it is also a money grab to entire people to come in and buy more.

I wonder if they would 'price match' my receipt from a few days ago for this..lol

cody6268

I'm surprised that this happened in store, not as a result of online shopping, where these events usually occur.

LegoMom1

@madforLEGO said: I wonder if they would 'price match' my receipt from a few days ago for this..lol.

They might, especially if you purchased the items during the time the breach occurred. It's worth a try if it's a considerable amount. If they refuse, you could ask them to return everything and then rebuy it. Of course this is a bit extreme, but if the price difference is considerable, you might give it a try. Good luck.

JeffH

cody6268 said:

I'm surprised that this happened in store, not as a result of online shopping, where these events usually occur.

It obviously that their POS system/network was hacked. Possible route will be either POS software was compromised, which was less likely as this would be an insider job along with production deploy. The other possibility is that their credit authorization/clearance network was hacked

Covi

Better check it out...because hashed pin codes already surfaced here.

More information on their website can be found here.

legogal

my bank is sending me a new cc at their insistence. Ouch!

AFFOL_Shellz_Bellz

And the debacle continues with email addresses, snail mail addresses, and more being part of it as of tonight's 6:00 pm news! My bank has just replaced my ATM card which should keep our funds safe, hopefully.

madforLEGO

Well I got my card replaced the day I heard about this, but I got another notice saying new cards would be going on. I have no seen one and I hope it is because they knew I just replaced it so why bother replacing it again.
But this is why.. Target seems to be always coming out with more revelations about this breach and I thought it would just be smarter to replace my bank card outright and I'm glad I did.

ninjagolightly

I knew they were lying and that is why I spent hours on the phone every night for a week until I could get through to Target CS and cancel my Red debit card. I'm glad I persisted.

TheLoneTensor

I think the concept of data theft at retailers aligns with the iceberg effect. For every one you know about, I bet there are 9 more you don't. I don't think it's unrealistic to think that a similar situation has already happened at every major retailer multiple times, only they were either a) ignorant of it happening or b) able to keep it under wraps.

I'm happy this happened though, if only because awareness is the best defense against such breaches.

starfire2

ninjagolightly said:

I knew they were lying and that is why I spent hours on the phone every night for a week until I could get through to Target CS and cancel my Red debit card. I'm glad I persisted.

Then my friend, you are truly misinformed. They didn't lie. They are just learning new information. Your Red debit card would have been fine if you went to manage my redcard and changed your pin number. The pin numbers however were never affected though.

Yellowcastle

^ Recent updates indicated pins were compromised as well.

starfire2

Yellowcastle said:

^ Recent updates indicated pins were compromised as well.

Well, I work for them and the info we received today said they were not. I would believe them before I believe the media.

Yellowcastle

"Target confirmed Friday that debit card PIN data was stolen in its recent massive breach, reversing its earlier stance that the codes were not part of the hack."

http://money.cnn.com/2013/12/27/technology/target-pin/

starfire2

Why does Target think PIN data can’t be compromised?

Due to how the encryption process works, Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.
This according to their own website!!!

madforLEGO

I have less and less trust in a company that cannot decide if they have compromised PINs or not.