Target Breach, Updated

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Target Breach, Updated

Post by Rupert »

So now Target says that the names, mailing addresses, and email addresses of approximately 70 million customers may have been stolen during their recent data breach. I seriously doubt that 70 million adult Americans (approximately 1 in 3 of all Americans over age 18) shopped at Target during the 2- to 3-week period they initially said was involved, which means that the thieves likely accessed Target databases in addition to those storing POS information. I fear that means gift registries, mailing lists, and pharmacy records. Can anyone here confirm that this must be true? Am I correct that this sort of personal information is not stored in the magnetic strip data on credit/debit cards and must have come from some other source? Should we all be monitoring credit reports now, in addition to credit/debit card transactions?
nordlead
Posts: 739
Joined: Thu Sep 12, 2013 9:09 am

Re: Target Breach, Updated

Post by nordlead »

names, mailing addresses, and email addresses are not stored on the magnetic strip of a CC or Debit card.

Personally, I don't care if someone stole my mailing or email address. They are pretty close to public information. I bet I can pick any house in my neighborhood and find the name of the owner within minutes, and worst case I just check their mailbox :D I then bet I can find their phone number.

You may want to change the password on your e-mail especially if it matched the password on your target account (assuming you have one).
jebmke
Posts: 12522
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Target Breach, Updated

Post by jebmke »

Maybe they should remove the bulls eye from their imaging.
When you discover that you are riding a dead horse, the best strategy is to dismount.
Topic Author
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Re: Target Breach, Updated

Post by Rupert »

Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
new2bogle
Posts: 1640
Joined: Fri Sep 11, 2009 2:05 pm

Re: Target Breach, Updated

Post by new2bogle »

Rupert wrote:Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
Thanks for the update.

I want to point out that Fidelity pro-actively sent out new CC that we had previously used at Target. I was impressed by that.
User avatar
bertilak
Posts: 8302
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Target Breach, Updated

Post by bertilak »

nordlead wrote:I bet I can pick any house in my neighborhood and find the name of the owner within minutes, and worst case I just check their mailbox :D I then bet I can find their phone number.
Tax records, including billing name and address, are public records, at least where I live. Our county has a public web page for that info. Phone numbers often can be found one one of those internet sites whose purpose is to look up phone numbers, like http://www.whitepages.com/.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
nordlead
Posts: 739
Joined: Thu Sep 12, 2013 9:09 am

Re: Target Breach, Updated

Post by nordlead »

bertilak wrote:
nordlead wrote:I bet I can pick any house in my neighborhood and find the name of the owner within minutes, and worst case I just check their mailbox :D I then bet I can find their phone number.
Tax records, including billing name and address, are public records, at least where I live. Our county has a public web page for that info. Phone numbers often can be found one one of those internet sites whose purpose is to look up phone numbers, like http://www.whitepages.com/.
yea, when I said I could use the mailbox I was thinking renters, but of course they wouldn't be the owners which is what I said :oops:
User avatar
Rainier
Posts: 1585
Joined: Thu Jun 14, 2012 5:59 am

Re: Target Breach, Updated

Post by Rainier »

Not gift registries!!!

The only stuff left on mine is junk, and I don't need any more hand towels. I just don't have the space for them.
Topic Author
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Re: Target Breach, Updated

Post by Rupert »

bertilak wrote:
nordlead wrote:I bet I can pick any house in my neighborhood and find the name of the owner within minutes, and worst case I just check their mailbox :D I then bet I can find their phone number.
Tax records, including billing name and address, are public records, at least where I live. Our county has a public web page for that info. Phone numbers often can be found one one of those internet sites whose purpose is to look up phone numbers, like http://www.whitepages.com/.
Yeah, but my credit card number can't be found in the phone book, and my credit card number is a lot more valuable to the thieves if it comes with personal identifiers. It allows the thieves to sell my account number to other thieves in my community, as opposed to someone in another part of the world. My credit card company's risk machine (or whatever they call the program that scans all transactions for fraud) is less likely to flag a transaction as fraudulent if the transaction occurs in my town, at a place I might regularly shop. That's why some card numbers from the Target breach are selling for over $100 online. That's why some card issuers are prophylactically issuing new cards.
fsrph
Posts: 1268
Joined: Sun Jul 26, 2009 7:54 pm
Location: Pa.

Re: Target Breach, Updated

Post by fsrph »

new2bogle wrote:
Rupert wrote:Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
Thanks for the update.

I want to point out that Fidelity pro-actively sent out new CC that we had previously used at Target. I was impressed by that.
I shopped at Target during the security breach period. No unusual charges on my cc, I have been checking daily. However, PenFed was proactive also and sent me a new card which included a chip.

Francis
"Success is getting what you want. Happiness is wanting what you get." | Dale Carnegie
nordlead
Posts: 739
Joined: Thu Sep 12, 2013 9:09 am

Re: Target Breach, Updated

Post by nordlead »

again, I'm not liable for the purchase.

The CC fraud alert program has never successfully worked in my experience. Flagging it as fraud if I travel for vacation or work. Flagging a trip to walmart followed by a trip to target (across the street in my town). Flagging large purchases for automobile parts (in my town). But when someone buys $500 of shoes online (at a shoe shop, so that must be what they bought) despite me never buying shoes online, the system lets it through no problem.

So, it doesn't matter if the purchase is local or not if you can't be bothered to check your CC statement for fraud.
User avatar
jpsfranks
Posts: 1005
Joined: Sun Aug 26, 2007 11:45 pm

Re: Target Breach, Updated

Post by jpsfranks »

I was pretty sure that the breach was larger than they had initially reported. I have a Chase credit card that I have used only 4 times, and haven't used in six months. One of those four purchases was at Target in December of 2012. In December of 2013 Chase alerted me to a suspicious charge and issued me a new credit card.
User avatar
JupiterJones
Posts: 2992
Joined: Tue Aug 24, 2010 3:25 pm
Location: Nashville, TN

Re: Target Breach, Updated

Post by JupiterJones »

Target will be providing free credit monitoring and identity theft protection (including a free credit report) to "affected guests":

https://corporate.target.com/discover/a ... o-all-gues

I'm assuming they'll somehow contact you if you're an "affected guest". We'll see...
Stay on target...
User avatar
ryuns
Posts: 3495
Joined: Tue Aug 07, 2007 6:07 pm
Location: Sacramento, CA

Re: Target Breach, Updated

Post by ryuns »

fsrph wrote:
new2bogle wrote:
Rupert wrote:Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
Thanks for the update.

I want to point out that Fidelity pro-actively sent out new CC that we had previously used at Target. I was impressed by that.
I shopped at Target during the security breach period. No unusual charges on my cc, I have been checking daily. However, PenFed was proactive also and sent me a new card which included a chip.

Francis
Are you saying they sent out a new card with a new number? If that's the case, I'd be more annoyed than relieved. Such a pain to switch everything to a new number.
An inconvenience is only an adventure wrongly considered; an adventure is an inconvenience rightly considered. -- GK Chesterton
fsrph
Posts: 1268
Joined: Sun Jul 26, 2009 7:54 pm
Location: Pa.

Re: Target Breach, Updated

Post by fsrph »

ryuns wrote:
fsrph wrote:
new2bogle wrote:
Rupert wrote:Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
Thanks for the update.

I want to point out that Fidelity pro-actively sent out new CC that we had previously used at Target. I was impressed by that.
I shopped at Target during the security breach period. No unusual charges on my cc, I have been checking daily. However, PenFed was proactive also and sent me a new card which included a chip.

Francis
Are you saying they sent out a new card with a new number? If that's the case, I'd be more annoyed than relieved. Such a pain to switch everything to a new number.
Yes, new card with new number. I have a couple of accounts to change, nothing major. Since there were no unauthorized charges on my account, I wonder if my cc company knows more about how large this breach really was. Maybe it's just my mind wandering but every time Target releases news it gets worse.

Francid
"Success is getting what you want. Happiness is wanting what you get." | Dale Carnegie
Imbros
Posts: 207
Joined: Mon Jan 23, 2012 11:41 pm
Location: Wisconsin

Re: Target Breach, Updated

Post by Imbros »

Rupert wrote:So now Target says that the names, mailing addresses, and email addresses of approximately 70 million customers may have been stolen during their recent data breach. I seriously doubt that 70 million adult Americans (approximately 1 in 3 of all Americans over age 18) shopped at Target during the 2- to 3-week period they initially said was involved, which means that the thieves likely accessed Target databases in addition to those storing POS information. I fear that means gift registries, mailing lists, and pharmacy records. Can anyone here confirm that this must be true? Am I correct that this sort of personal information is not stored in the magnetic strip data on credit/debit cards and must have come from some other source? Should we all be monitoring credit reports now, in addition to credit/debit card transactions?
No one will confirm that this must be true at this point (I work in the industry). All we know so far is that they have the cardholder address for compromised cards, which is something not stored in Mag Stripe. So we already knew that this is not a simple skimming event. The unofficial card count we compiled from Visa, MC and other network data is far smaller than 70 million so far, but it will likely go up.
There is no greatness where there is no simplicity, goodness and truth. -L. Tolstoy
User avatar
ray.james
Posts: 1451
Joined: Tue Jul 19, 2011 4:08 am

Re: Target Breach, Updated

Post by ray.james »

I used both my credit cards at target during that period. I am watching vigilantly. I have decided to use a new email service not linked to gmail for my investment and bank accounts.

Just to add this to thread, the hackers did get the PIN numbers along with card numbers and expiration dates. However the PIN's are encrypted. I read on Ars technica that target encrypted using latest algorithms but because of the size of PIN's( 4 characters) and amount of Pin numbers available they will be able to crack them soon.

It is surprising that target admins/network guys did not have any checks in place to automatically alert to their IT when someone is accessing GB's of data on their main databases.
When in doubt, http://www.bogleheads.org/forum/viewtopic.php?f=1&t=79939
likegarden
Posts: 3050
Joined: Mon Feb 26, 2007 5:33 pm

Re: Target Breach, Updated

Post by likegarden »

During those 3 weeks we bought for $5 at Target LOL, but cancelled our Capital One credit card number anyway and got a new card and number. We never had a Target card, so we should be safe. Now there are 110 million sets of data involved. Capital One already checked up on us because we bought something out of the ordinary. and since I did not know that my wife bought for $39 at CVS they stopped the credit card for one day until I explained. They seem to be very cautious, might be losses for banks.
Mudpuppy
Posts: 6710
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Target Breach, Updated

Post by Mudpuppy »

I suspect this will end up being much bigger than just Target by the time all is said and done. Brian Krebs is reporting a breach at Neiman Marcus in December as well:

http://krebsonsecurity.com/2014/01/hack ... an-marcus/

This might just be the tip of the iceberg. At the very least, what happened at Target is likely not unique to Target. Many other major merchants have weak links in their chains that could be similarly exploited. There is no absolute security.
User avatar
tadamsmar
Posts: 9329
Joined: Mon May 07, 2007 12:33 pm

Re: Target Breach, Updated

Post by tadamsmar »

Target's page on the matter:

https://corporate.target.com/discover/a ... erm=breach

Their FAQ:

https://corporate.target.com/about/shop ... -issue-FAQ

Says you will not be responsible for fraudulent charges, but the regs require your timely reporting fraud within a month or so, so not sure if they are providing something more.

They are still investigating, so I am sure there is more to come. You might get mail from your CC company or a call as some point.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: Target Breach, Updated

Post by sscritic »

I got an email offering one year of credit monitoring by Experian® ProtectMyID®. I signed up. Watch out for the sales pitches: you do want to pay for your credit score, of course. Not.
jebmke
Posts: 12522
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Target Breach, Updated

Post by jebmke »

Mudpuppy wrote:his might just be the tip of the iceberg. At the very least, what happened at Target is likely not unique to Target. Many other major merchants have weak links in their chains that could be similarly exploited. There is no absolute security.
The CEO of Target was on PBS last night. About all he said was [paraphrase] "there was malware and we removed it." I'm guessing that they won't say what they are doing to harden their systems. I wonder how likely it is that anything substantive has been done yet.
When you discover that you are riding a dead horse, the best strategy is to dismount.
Diogenes
Posts: 602
Joined: Sat Mar 03, 2012 3:58 pm

Re: Target Breach, Updated

Post by Diogenes »

Really no sense getting all excited about this intrusion at Target. At any given time there are many of these events going on at other companies in the U.S.
The hackers of the world know it is easy to steal money targeting American companies. Perhaps for the same reason as why prolific bank robber Willy Sutton (also interestingly known as "slick Willie") was asked why he robbed banks. His response "that's where the money is."

We should be concerned about the intrusions we don't see in the papers, and of course take steps to protect ourselves as a matter of course.

The real story here is all the lawyers who are likely hoping to make car payments from some lame class action suit against the other victim - Target. That is turn would of course ultimately be paid by the same consumers who had their information stolen.
Topic Author
Rupert
Posts: 4122
Joined: Fri Aug 17, 2012 12:01 pm

Re: Target Breach, Updated

Post by Rupert »

Diogenes wrote:Really no sense getting all excited about this intrusion at Target. At any given time there are many of these events going on at other companies in the U.S.
The hackers of the world know it is easy to steal money targeting American companies. Perhaps for the same reason as why prolific bank robber Willy Sutton (also interestingly known as "slick Willie") was asked why he robbed banks. His response "that's where the money is."

We should be concerned about the intrusions we don't see in the papers, and of course take steps to protect ourselves as a matter of course.

The real story here is all the lawyers who are likely hoping to make car payments from some lame class action suit against the other victim - Target. That is turn would of course ultimately be paid by the same consumers who had their information stolen.
I wasn't excited when I thought they only had my credit card number. The possibility that pharmacy records were breached is a much bigger concern. Without knowing which databases were breached, it's kind of hard to know how excited to get, isn't it?
Cuzz35
Posts: 441
Joined: Mon Jun 28, 2010 11:14 pm
Location: Marietta, GA

Re: Target Breach, Updated

Post by Cuzz35 »

Rupert wrote:Just fyi for those of you who have ever shopped at Target but not during December and so thought you were safe: The New York Times reports, "This additional trove of data involves all kinds of customer information that Target had collected over time.Those customers need not have even shopped at Target during the holiday period to have had their information stolen." The new number of possible victims is 70 million to 110 million customers and former customers. Mind boggling.
My wife had not used her debit card at Target in months and was alerted by her bank that her card was charged at a Target store on the other side of the country for several hundred dollars last week. The bank had immediately cancelled her card and sent a new one.
castlemodesto
Posts: 146
Joined: Sun Sep 15, 2013 12:31 pm

Re: Target Breach, Updated

Post by castlemodesto »

I have started a new thread " Free Target Credit Monitoring"
http://www.bogleheads.org/forum/viewtop ... st=1923179
because it seems a great many Bogleheads would be eligible for this, and the article I have referenced
http://www.financialramblings.com/archi ... rget-hack/
gives detailed information about how to go about it.
goodbishop
Posts: 64
Joined: Sat Mar 10, 2012 9:38 am

Re: Target Breach, Updated

Post by goodbishop »

Rupert wrote:So now Target says that the names, mailing addresses, and email addresses of approximately 70 million customers may have been stolen during their recent data breach. I seriously doubt that 70 million adult Americans (approximately 1 in 3 of all Americans over age 18) shopped at Target during the 2- to 3-week period they initially said was involved, which means that the thieves likely accessed Target databases in addition to those storing POS information. I fear that means gift registries, mailing lists, and pharmacy records. Can anyone here confirm that this must be true? Am I correct that this sort of personal information is not stored in the magnetic strip data on credit/debit cards and must have come from some other source? Should we all be monitoring credit reports now, in addition to credit/debit card transactions?
Right. From what it sounds like, there were two separate attacks - one with RAM scraping malware on the POS systems, and the other one was where they accessed the records of 70 million customers. I wonder how they got the second piece - insider threat is likely.

For the personal information, just the name is stored on the Track 1 data on the credit card. https://www.pcisecuritystandards.org/do ... ss_v20.pdf , page 9.

I'm going to be discussing this tomorrow and how to defeat RAM scraping malware.

And yes, you should be monitoring credit reports - looks like Target is sending it to everyone who signs up, per the other links in this thread.

Source - I'm a IT security manager/credit card security expert/I live and breathe this stuff
User avatar
Ged
Posts: 3934
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Target Breach, Updated

Post by Ged »

ray.james wrote: It is surprising that target admins/network guys did not have any checks in place to automatically alert to their IT when someone is accessing GB's of data on their main databases.
Quis custodiet ipsos custodes?

My experience with large enterprise software is that security against exploitation by insiders is largely non-existent.

Google is now scrambling to encrypt their internal networks because of some of the Snowden stuff. And they are one of the most sophisticated companies.
pinecrest
Posts: 678
Joined: Fri Feb 15, 2013 10:51 pm

.....

Post by pinecrest »

.....
Last edited by pinecrest on Mon Feb 24, 2014 6:45 pm, edited 1 time in total.
soccerdad12
Posts: 371
Joined: Thu Jan 19, 2012 8:52 am

Re: Target Breach, Updated

Post by soccerdad12 »

I received this email from Target yesterday:

Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
• Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
• Delete texts immediately from numbers or names you don’t recognize.
• Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel


Chairman, President and CEO


PS. I am not going to sign up for credit monitoring. Although there was no suspicious charges on my cards, I cancelled my debit and credit cards and placed a credit freeze on my name at the 3 credit agencies. It was free to do and took about 5 minutes. Pretty sure I am safe at this point.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: Target Breach, Updated

Post by sscritic »

soccerdad12 wrote:I received this email from Target yesterday:

Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
• Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
• Delete texts immediately from numbers or names you don’t recognize.
• Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel


Chairman, President and CEO


PS. I am not going to sign up for credit monitoring. Although there was no suspicious charges on my cards, I cancelled my debit and credit cards and placed a credit freeze on my name at the 3 credit agencies. It was free to do and took about 5 minutes. Pretty sure I am safe at this point.
I got this email on Monday.
Dear Target Guest,

As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.

I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.

In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
  • • Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
    • Delete texts immediately from numbers or names you don’t recognize.
    • Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.

Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com website. If you have further questions, you may call us at 866-852-8680.


Gregg Steinhafel

Chairman, President and CEO
I did sign up for credit monitoring on Monday, the same day I got the email. I did not freeze anything.
User avatar
frugaltype
Posts: 1952
Joined: Wed Apr 24, 2013 9:07 am

Re: Target Breach, Updated

Post by frugaltype »

I had the dim memory of having bought something at Target years ago. I got one of their emails just now. I looked in my old-bought-stuff email file and I had bought something in 2009. It's possible but not likely that I bought something in their fairly far away from me "local" store, but not recently.

I'd be upset if they had my SS number, but apparently, who knows, they don't.

I used free credit monitoring when someone walked off with a laptop with employees' information from my old employer. They only alerted once, and then would not identify the suspicious event! What the heck was that about. I did not find anything suspicious going on.

I don't think I still have the credit card numbers I had in 2009. So my plan is to just watch my statements.

Oddly, in the past few months, someone tried to open a credit card account with Chase with all my info but a wrong SS. I found this out when Chase mailed me some form to sign. Perhaps that's where this oddity originated. Why would crooks think a wrong SS number would work?
oaksavannah
Posts: 29
Joined: Sun Nov 25, 2012 7:50 am

Re: Target Breach, Updated

Post by oaksavannah »

A fraudulent charge on the Target card showed up today. Called Target and they cancelled my card and will be sending a new one. I also signed up for the monitoring service. I don't understand how the stealing and selling of credit cards works, do you? Some Russian hacker stole my Target card information. Sold it on the black market for, say $10.00. Then the purchaser makes a fraudulent charge showing I made a $247.00 purchase at a pharmacy in No. Virginia. I could understand purchasing an expensive item that could then be re-sold, but what is a thief going to do with pharmacy merchandise?
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: Target Breach, Updated

Post by sscritic »

oaksavannah wrote:I could understand purchasing an expensive item that could then be re-sold, but what is a thief going to do with pharmacy merchandise?
Make meth.

Edit: I think the correct term is cook meth. We need to be precise when talking about finances.
countdown
Posts: 114
Joined: Thu Jun 27, 2013 2:13 pm

Re: Target Breach, Updated

Post by countdown »

So the news yesterday was that a 17 year old kid was responsible for this breach of security? Amazing, if true.
User avatar
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Target Breach, Updated

Post by Epsilon Delta »

sscritic wrote:
oaksavannah wrote:I could understand purchasing an expensive item that could then be re-sold, but what is a thief going to do with pharmacy merchandise?
Make meth.

Edit: I think the correct term is cook meth. We need to be precise when talking about finances.
Or diapers or laundry detergent or ... .

If it's worth the pharmacies time to buy at wholesale and resell it at retail it's worth the crooks time to steal it for $10 sell it at half retail.
User avatar
Ged
Posts: 3934
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Target Breach, Updated

Post by Ged »

oaksavannah wrote:what is a thief going to do with pharmacy merchandise?
Sell it on the street.

http://money.cnn.com/2011/06/01/news/ec ... rug_abuse/
hudson
Posts: 3827
Joined: Fri Apr 06, 2007 9:15 am

Re: Target Breach, Updated

Post by hudson »

If my credit is frozen at all 3 credit agencies, and I regularly check and reconcile my accounts, what good would it do to go for Target's offer of free credit monitoring?
Mudpuppy
Posts: 6710
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Target Breach, Updated

Post by Mudpuppy »

countdown wrote:So the news yesterday was that a 17 year old kid was responsible for this breach of security? Amazing, if true.
It is one security firm saying that the 17 year old is responsible for writing the malware installed on the point-of-sale systems. There has not been independent confirmation that the 17 year old is the author of the code. It also does not mean that the 17 year old actually did the attack. Writing the code and deploying the code are often two separate things, particularly for something as wide-spread as this is. Not that the media will accurately tell you this, but the media can't even spell the name of the CEO of the security firm right, so that has to tell you something.

In short, the 17 year old may have been part of the team that executed this attack, but I sincerely doubt it was entirely the work of the 17 year old.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: Target Breach, Updated

Post by sscritic »

hudson wrote:If my credit is frozen at all 3 credit agencies, and I regularly check and reconcile my accounts, what good would it do to go for Target's offer of free credit monitoring?
Enquiring minds what to know, are you related to the Hudsons of Hudson's Department Store and Dayton-Hudson? (This story is about Target after all)
In 2000, Dayton–Hudson was renamed Target Corporation
http://en.wikipedia.org/wiki/Hudson's
http://en.wikipedia.org/wiki/Dayton's
hudson
Posts: 3827
Joined: Fri Apr 06, 2007 9:15 am

Re: Target Breach, Updated

Post by hudson »

sscritic, Ha! not me...but interesting story about how Target began.
My grandmother told me I was named after a missionary to China...Hudson Taylor.
reisner
Posts: 477
Joined: Fri Jun 20, 2008 12:34 pm

Re: Target Breach, Updated

Post by reisner »

Target's offer of a free year of Experian credit monitoring requires me to enter my SS number. I see that SScritic signed up, but I'm suspicious. Should I be?
User avatar
ResearchMed
Posts: 11391
Joined: Fri Dec 26, 2008 11:25 pm

Re: Target Breach, Updated

Post by ResearchMed »

reisner wrote:Target's offer of a free year of Experian credit monitoring requires me to enter my SS number. I see that SScritic signed up, but I'm suspicious. Should I be?
I'm not at all sure if you should be suspicious that sscritic signed up, but better safe than sorry! :shock:

RM
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: Target Breach, Updated

Post by sscritic »

I would be suspicious of anything sscritic does. He even signed up for the free credit reports you can get by law from the three crediting agencies. A real fool, he even gave his real name and a bunch of other information to the credit bureaus because he really didn't want to get ResearchMed's credit report, but his own.

To be safe, never get your credit report, free or otherwise. Don't forget, ignorance of identity theft is bliss.
reisner
Posts: 477
Joined: Fri Jun 20, 2008 12:34 pm

Re: Target Breach, Updated

Post by reisner »

Ah, the bliss of ignorance! But I found the idea of giving out personal information in order to protect personal information a bit curious in the current circumstances. Especially given that Experian does not have an unblemished security record:

http://krebsonsecurity.com/2013/10/expe ... t-service/
User avatar
JMacDonald
Posts: 2343
Joined: Mon Feb 19, 2007 5:53 pm

Re: Target Breach, Updated

Post by JMacDonald »

I just got the infamous email from Target about my name, etc. I decided to freeze my credit as I don't see any need for anyone checking my credit in the future.
Interesting Equifax charged me $5.00 while the other two companies did it for free.
Best Wishes, | Joe
User avatar
Ged
Posts: 3934
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Target Breach, Updated

Post by Ged »

sscritic wrote:I would be suspicious of anything sscritic does.
I'm not suspicious of the things sscritic does, rather I'm suspicious of the things he writes.

It's just not natural to be that old and still be using the internet.
reisner
Posts: 477
Joined: Fri Jun 20, 2008 12:34 pm

Re: Target Breach, Updated

Post by reisner »

About freezing your credit--that seems like the thing to do right now. Do husband and wife have to do so separately?
User avatar
JMacDonald
Posts: 2343
Joined: Mon Feb 19, 2007 5:53 pm

Re: Target Breach, Updated

Post by JMacDonald »

reisner wrote:About freezing your credit--that seems like the thing to do right now. Do husband and wife have to do so separately?
Yes, if you live in California. I don't know about other states.
http://oag.ca.gov/idtheft/facts/freeze-your-credit
Does my spouse's file have to be frozen, too?
Yes, because of community property laws. Both spouses have to freeze their separate credit files, via separate requests, in order to get the benefit. That means the total cost for freezing for consumers under 65 years of age is $10 x 3 credit bureaus x 2 people = $60. For consumers 65 years of age or older, the total cost for freezing is $5 x 3 credit bureaus x 2 people = $30.
Best Wishes, | Joe
Caduceus
Posts: 2954
Joined: Mon Sep 17, 2012 1:47 am

Re: Target Breach, Updated

Post by Caduceus »

If I may ask ... why is freezing credit necessary? If all the thieves got were credit card numbers and personal info (without the SSN), then wouldn't it be OK just to cancel the cards and get new ones? Can they do anything else without the SSN?

Thanks.
Post Reply