Credit and debit card information of approximately 40 million Target customers was accessed by unauthorized means between Nov. 27 and Dec. 15, according a statement the company released on Thursday, Dec. 19.
The theft included customer name, credit or debit card number, expiration date and CVV, the three- or four-digit security code on the back of cards.
“If their security can be breached, anybody’s can be breached,” said Sandy Raynes, who was shopping at Target in Owings Mills on Dec. 19. Her credit card information has been stolen three times in the past two years, including one charge of $6,000 that her credit card company caught.
In a notice to customers, the company said it partnered with a top third-party forensics firm to investigate the incident and determine additional prevention measures.
“Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue so guests can shop with confidence,” Gregg Steinhafel, chairman, president and CEO of Target, said in a statement. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Mary Jo Landis, who was also shopping at Target on Dec. 19, said she was going to make her purchases in cash. She stops at the store about once every two weeks and said she may use her card again after the New Year.
“It’s just a little scary,” she said.
Maryland Attorney General Douglas Gansler released a statement recommending Marylanders check bank accounts daily, report suspicious activity to financial institutions, consider adding a fraud alert to credit reports or get a new card if the current one was compromised.
Gansler said there are several factors that concern him. It’s disturbing that something of this magnitude went undetected and happened to one of America’s top retailers.
“We do rely on companies the size of Target and that do business like Target to have proper safeguards in place,” Gansler said.
He expects attorneys general around the country to convene and work with the Consumer Financial Protection Bureau on future actions.
While Target’s breach was large, two recent breaches included more than double the number of thefts. In 2007, 90 million T.J. Maxx customers’ data was stolen, and in 2009, a breach of card processor Heartland Payment Systems resulted in the largest card theft to date, with 130 million stolen numbers.
Target asked customers who think their information was stolen to call 866-852-8680 and contact credit reporting agencies such as Equifax, Experian and TransUnion. It also recommended that Maryland residents contact the Federal Trade Commission or the Office of the Attorney General. More information can be found at corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca.