TARGET CUSTOMERS: A Message from Target CEO Gregg Steinhafel about Target’s Payment Card Issues

December 21, 2013 12:30 pm · 26 comments

target

The following message regarding stolen credit card information is from Target CEO Gregg Steinhafel:

Dear Target Guest,

As you have likely heard by now, Target experienced unauthorized access to payment card data from U.S. Target stores.

We take this crime seriously. It was a crime against Target, our team members and most importantly you – our valued guest.

We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target.

Our brand has been built on a 50-year foundation of trust with our guests, and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.

We want you to know a few important things:

  •  The unauthorized access took place in U.S. Target stores between Nov. 27 and Dec. 15, 2013.  Canadian stores and target.com were not affected.
  •  Even if you shopped at Target during this time frame, it doesn’t mean you are a victim of fraud. In fact, in other similar situations, there are typically low levels of actual fraud.
  •  There is no indication that PIN numbers have been compromised on affected bank issued PIN debit cards or Target debit cards. Someone cannot visit an ATM with a fraudulent debit card and withdraw cash.
  •  You will not be responsible for fraudulent charges—either your bank or Target have that responsibility.
  •  We’re working as fast as we can to get you the information you need.  Our guests are always the first priority.
  •  For extra assurance, we will offer free credit monitoring services for everyone impacted. We’ll be in touch with you soon on how and where to access the service.

Please read the full notice below. And over the coming days and weeks we will be relying on target.com, abullseyeview.com, corporate.target.com and our various social channels to answer questions and keep you up to date.

Thank you for your patience, understanding and loyalty to Target!

Gregg Steinhafel

Gregg Steinhafel Chairman, President and CEO, Target

The message below was posted from Target on Dec. 19, 2013

We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident.

We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV.

We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future. Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.

We recommend that you closely review the information provided in this letter for some steps that you may take to protect yourself against potential misuse of your credit and debit information. You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports. If you discover any suspicious or unusual activity on your accounts or suspect fraud, be sure to report it immediately to your financial institutions. In addition, you may contact the Federal Trade Commission (“FTC”) or law enforcement to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s Web site, at www.consumer.gov/idtheft, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

You may also periodically obtain credit reports from each nationwide credit reporting agency.  If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. In addition, under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going towww.AnnualCreditReport.com or by calling (877) 322-8228. You may contact the nationwide credit reporting agencies at:

Equifax
(800) 525-6285
P.O. Box 740241
Atlanta, GA 30374-0241
www.equifax.com

Experian
(888) 397-3742
P.O. Box 9532
Allen, TX 75013
www.experian.com

TransUnion
(800) 680-7289
Fraud Victim Assistance Division
P.O. Box 6790
Fullerton, CA 92834-6790
www.transunion.com

In addition, you may obtain information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file. In addition, you can contact the nationwide credit reporting agencies regarding if and how you may place a security freeze on your credit report to prohibit a credit reporting agency from releasing information from your credit report without your prior written authorization.

Again, we want to stress that we regret any inconvenience or concern this incident may cause you. Be assured that we place a top priority on protecting the security of our guests’ personal information. Please do not hesitate to contact us at 866-852-8680 or visit Target’s website if you have any questions or concerns. If you used a non-Target credit or debit card at Target between Nov. 27 and Dec. 15 and have questions or concerns about activity on your card, please contact the issuing bank by calling the number on the back of your card.

IF YOU ARE AN IOWA RESIDENT: You may contact local law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft. You can contact the Iowa Attorney General at:

Office of the Attorney General
1305 E. Walnut Street
Des Moines, IA 50319
(515) 281-5164
http://www.iowaattorneygeneral.gov/

IF YOU ARE A MARYLAND RESIDENT: You may obtain information about avoiding identity theft from the FTC or the Maryland Attorney General’s Office. These offices can be reached at:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
(877) IDTHEFT (438-4338)
http://www.ftc.gov/idtheft/

Office of the Attorney General
Consumer Protection Division
200 St. Paul Place
Baltimore, MD 21202
(888) 743-0023
www.oag.state.md.us

IF YOU ARE A NORTH CAROLINA RESIDENT: You may obtain information about preventing identity theft from the FTC or the North Carolina Attorney General’s Office. These offices can be reached at:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
(877) IDTHEFT (438-4338)
www.consumer.gov/idtheft

North Carolina Department of Justice
Attorney General Roy Cooper
9001 Mail Service Center
Raleigh, NC 27699-9001
(877) 566-7226
http://www.ncdoj.com

IF YOU ARE A MASSACHUSETTS RESIDENT:  Under Massachusetts law, you have the right to obtain a police report in regard to this incident.  If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

Massachusetts law also allows consumers to place a security freeze on their credit reports. A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, mortgages, employment, housing or other services.

If you have been a victim of identity theft and you provide the credit reporting agency with a valid police report, it cannot charge you to place, lift or remove a security freeze. In all other cases, a credit reporting agency may charge you up to $5.00 each to place, temporarily lift, or permanently remove a security freeze. To place a security freeze on your credit report, you must send a written request to each of the three major consumer reporting agencies listed above.

In order to request a security freeze, you will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, the addresses where you have lived over the prior five years;
  5. Proof of current address (e.g., a current utility bill or telephone bill);
  6. A legible photocopy of a government issued identification card (e.g., state driver’s license or ID card or military identification);
  7. If you are a victim of identity theft, a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft;
  8. If you are not a victim of identity theft, payment by check, money order, or credit card (Visa, MasterCard, American Express or Discover only). Do not send cash through the mail.

The credit reporting agencies have three (3) business days after receiving your request to place a security freeze on your credit report. The credit reporting agencies must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both that can be used by you to authorize the removal or lifting of the security freeze.

To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a written request to the credit reporting agencies by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have three (3) business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time.

To remove the security freeze, you must send a written request to each of the three credit reporting agencies by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze. The credit reporting agencies have three (3) business days after receiving your request to remove the security freeze.

FAQs

How do I know if this impacts me?

If you shopped at Target between Nov. 27 and Dec. 15, you should check your account for any suspicious or unusual activity. If you see something that appears fraudulent, REDcard holders should contact Target, others should contact their bank.

If I shopped at Target.com or in Canada should I be concerned?

No, this was an issue that impacted US stores.

Can I still use my card at Target?

Yes you can, if you used your card during the impacted periods, you should continue to monitor your accounts.

Has the issue been resolved?

Yes, Target moved swiftly to address this issue so guests can shop with confidence. We have identified and resolved the issue of unauthorized access to payment card data. The issue occurred between Nov. 27 and Dec. 15 and guests should continue to monitor their accounts.

How can I be assured you are taking the steps to protect my information in the future?

We continue to invest in our security practices to protect our guests’ information including the retention of a leading third party forensics firm to conduct a thorough investigation of this incident. We apologize for any inconvenience this has caused our guests.

Is the CVV code the same as the three-digit code on the back of my card?

No, the CVV code is not the same as the security code on the back of your card.  As of now, we have no indication that the three-digit code on the back of the card has been impacted.

If I call you, what are your hours of operation?

Agents are available to take calls from 7am to 11pm daily.

photo: Target CEO Gregg Steinhafel – courtesy of target.com

{ 26 comments }

1 Target offering 10% discount December 21, 2013 at 12:54 PM

The CEO of Target apologized to the public for slower call center and website access and is now offering a 10 percent discount to all customers after a massive data breach left information of about 40 million shoppers vulnerable to thieves.
http://abcnews.go.com/Business/target-offers-mea-culpa-guests-discount-stolen-credit/story?id=21297261

2 Dorothy December 21, 2013 at 1:11 PM

I don’t shop Target but have relatives who work there. One of them uses the red card a lot.

3 Amy December 21, 2013 at 1:24 PM

Oh, sure. Invite shoppers to shop at Target again for a lousy 10% discount. No thank you.

4 Connie December 21, 2013 at 2:00 PM

Thank you. You seem to be handling it in an an ethical manner.

5 Anon December 21, 2013 at 2:05 PM

Damn that Obama. What else can he cause.

6 J. December 21, 2013 at 2:08 PM

Gregg is wearing Khaki trousers

7 Russ December 21, 2013 at 2:08 PM

Anyone wearing a Red shirt is never someone I would put a lot of faith in for the future

8 Off Target December 21, 2013 at 2:28 PM

Haven’t been in a Target since they kicked the Salvation Army Bell Ringers out back in 2004.

9 Beacon December 21, 2013 at 2:44 PM

Don’t be too quick to judge Target. No institution, public or private, is safe from hacking. The hackers are devious, smart, and have tons of free time on their hands. And there are more of them globally than we have trained security professionals to counter the threat. Target won’t be the last. The payoff is simply too big.

10 Teacher Wannabe December 21, 2013 at 2:54 PM

@Anon, you are, and always will be, and idiot. Sorry for that folks, I hate to have you exposed to his brainless, irrelevant banter.

11 Anonymous December 21, 2013 at 2:58 PM

I love it. They dont have customers, they have “guests”

12 Kirkwood December 21, 2013 at 3:30 PM

40 Million credit cards? I’ll bet the NSA is envious.

13 @Amy, #3 and Russ, #7 December 21, 2013 at 4:53 PM

So Target is willing to GIVE you a 10% discount, over something which wasn’t any fault of theirs, and you turn up your nose. Not smart.
And Russ, considering that red is the color of Target, don’t judge the CEO just because of his shirt color. You’re bordering on being a jerk. They’re a VERY successful company.

14 @13 December 21, 2013 at 6:10 PM

Pffft… A whopping 10% discount? You mean to tell me I can save a whole .29 on a box of Q Tips? That 10% really makes up for all of the time headache and hassles people are going through from this mess (Not).

15 @@13, #14 December 21, 2013 at 7:04 PM

You’re going to drive to Target, fight traffic and parking for a $2.90 box of Q-tips? As I said before, not smart. Even if you were to pay $5.00 for those Q-tips at CVS, considering the time and GAS you save, you’ll come out ahead, unless you live next door to Target, and will walk. Plan ahead, and use that 10% for something you know you’ll be needing in the future. Remember, 10% of a $1,000 is a hundred dollar saving, much better than your example of $.29.

16 You Don't Matter December 21, 2013 at 8:04 PM

Technology is out there that would all but eliminate what took place.
You and retailers are victims. Credit card companies view incidents like this as a cost of doing business and will do NOTHING about the problem until card usage begins to drop off. Until they are hurt financially, by consumers switching back to checks or cash, nothing will change.
Your choice.

Will not have a debit card because they lack security, a PIN number gives false sense of security.
Will use my credit card on paypal and a very few mail order companies.
Checks for food and for everything else cash.

17 @13 December 21, 2013 at 8:09 PM

“They’re a VERY successful company.”
An they are in Very Big Trouble. Because of what happened customers will go to competitors and some may never go back to Target. The 10% is a desperate attempt to get customers to come back.

18 @ Teacher Wannabe December 21, 2013 at 9:06 PM

Wannabe’s don’t count. Get the job done.

19 MDE Parent December 21, 2013 at 9:20 PM

And the link for the girl scouts on the Mt. Diablo Elementary website takes you to a “low sperm count” page. I’m sure it will be fixed tomorrow once some admin reads Claycord. But, it’s been that way for over a year – because that’s when I first noticed it.

Community:
http://mtdiabloelementary.mdusd.org/Community
Scouting:
http://girlscoutsbayarea.org

20 Stolen credit cards now being sold on black market December 22, 2013 at 12:54 AM

Credit cards stolen in massive Target breach now being sold on black market

Target confirmed earlier this week that approximately 40 million credit card and debit card numbers belonging to patrons who shopped in the company’s stores on or around Black Friday were stolen in a massive security breach that took place between November 27th and December 15th. Now, the reporter who broke the story is back with some more bad news for Target customers: Those stolen credit card numbers and associated data are now available for sale on several black market websites.

http://news.yahoo.com/credit-cards-stolen-massive-target-breach-now-being-200539203.html

21 Russ December 22, 2013 at 7:34 AM

@13 Sorry the “redshirt” (Star Trek reference) joke was lost on you. You are bordering on being intelligent.

22 @15 December 22, 2013 at 8:04 AM

Ever heard of sarcasm before? Guess not. Oh well, ignorance is bliss I suppose.

23 Ridiculous December 22, 2013 at 10:06 AM

What is really a disgrace, is Target was aware of this situation soon after it occurred. Instead of notifying consumers who had shopped there during this time period by putting out an alert statement, they just wanted to let it go until after Christmas.
They don’t care about how it might have hurt or inconvenienced those who were affected, they only cared about their bottom line.
Even in his excuse for a public statement, he’s just kind of non nonchalantly saying “Even if you shopped at Target during this time frame, it doesn’t mean you are a victim of fraud. In fact, in other similar situations, there are typically low levels of actual fraud.” For a person living pay check to pay check low level of fraud could be disastrous!
I don’t shop at Target, and now for sure never will.

24 Concorddad December 22, 2013 at 10:17 AM

People on this page never shock me. Target unlike other companies have taken extreme steps to protect their customers and are now offering everyone an added discount. Every year this happens to numerous companies. I applaud Target for the handling of this situation. I have a Target Card and got an e-mail right after it happened.

Wal-Mart would say “Sucks for you we are still rich”.

25 Rob December 22, 2013 at 11:41 AM

We are so far behind so many other countries that take protecting this type of data seriously.

26 Nice Nancy December 23, 2013 at 9:56 AM

This story appeared on Drudge a day before it appeared on the main stream news stations. I went down to my bank the next morning and cancelled my card and changed my pin. The manager at Chase hadn’t even heard of this story. I told them to get ready for an influx of customers coming in to change their cards and pin numbers.

Comments on this entry are closed.

Previous post:

Next post: