More from Target?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
Topic Author
ResearchMed
Posts: 11239
Joined: Fri Dec 26, 2008 11:25 pm

More from Target?

Post by ResearchMed »

Well...

We've just received a charming email from Target.

Among other things, it states:

"I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion."

This was apparently determined "late last week".

This is "interesting", because the last time we were in a Target store was in November, 2012, and before that? About 5 years earlier.
And I'm not sure when we last shopped there online. Ah, yes. Mid-summer, 2012. Definitely not recently.

And this was really appreciated:

"In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
- Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number."


Okay, obviously we made a big mistake sharing that information with YOU, Target!

It's really nice for them to chastise the customers as though WE inappropriately "shared" such information.

How, exactly, is one ever to do phone ordering, per Target's directive?
They seem to have forgotten to mention the critical bit about "if someone calls you" vs "if you call a known vendor". Big difference there.

We are trying to figure out how we managed to be on this list, if it was supposed to affect RECENT customers only.
Apparently not.


RM
Kerdaboy
Posts: 40
Joined: Wed May 11, 2011 2:41 pm

Re: More from Target?

Post by Kerdaboy »

Edit: My bad just saw the newest target email communication from 1-15-14
countdown
Posts: 114
Joined: Thu Jun 27, 2013 2:13 pm

Re: More from Target?

Post by countdown »

I think I shop at Target maybe 1-3 times per year for miscellaneous items. Unfortunately, it was around the Christmas season when the breach apparently occurred.

However, in fairness to Target, I didn't find their email insulting. I guess when we use anything but cash, it's a risk we assume, albeit small.

This is what I received today; a one-year credit monitoring subscription. This seems to be the remedy companies are providing their customers for these unacceptable breaches of security.


"Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
Delete texts immediately from numbers or names you don’t recognize.
Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Gregg Steinhafel

Chairman, President and CEO"
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

This has been covered in other threads, you know, the ones with Target (not date) in the title.

I got my email on Monday and posted. Today is Thursday. If you want to keep up, you have to keep up. The letter has been quoted before. In fact, as a tribute to the snip thread, I created a post this morning that had two complete copies, one being formatted much better than the other (it was also within a quote box as the letter was being quoted). I was hoping that someone would come along and quote my two complete letters post and add a third, but I didn't see it last I looked. :)

http://www.bogleheads.org/forum/viewtop ... 4#p1925174
User avatar
Topic Author
ResearchMed
Posts: 11239
Joined: Fri Dec 26, 2008 11:25 pm

Re: More from Target?

Post by ResearchMed »

sscritic wrote:This has been covered in other threads, you know, the ones with Target (not date) in the title.

I got my email on Monday and posted. Today is Thursday. If you want to keep up, you have to keep up. The letter has been quoted before. In fact, as a tribute to the snip thread, I created a post this morning that had two complete copies, one being formatted much better than the other (it was also within a quote box as the letter was being quoted). I was hoping that someone would come along and quote my two complete letters post and add a third, but I didn't see it last I looked. :)

http://www.bogleheads.org/forum/viewtop ... 4#p1925174
I'm more concerned about the statements that the "breach" affected RECENT customers.

We haven't dealt with Target since 2012, in person, online, or by phone.

RM
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

When you buy online, you need to create an account. I keep a record of mine. Target is not among them. I get emails advertising products from almost all of them (hint: do not use two email addresses, or at least do not give them both to the same company. I always enjoy my double dip of J. Crew every morning in my inbox). Target is not among the senders of emails to me.

So how did they even get my email address? How did they get yours? Think affiliates. Think of the privacy and sharing options that companies send you all the time.

In my case, I am guessing it is ancient history. I had a Mervyn's charge card. Don't you miss Mervyn's? I do.

P.S. I am older than dirt. 2012 is very recent.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

Even older:

I had a Dayton's charge card in 1970, but I didn't have an email address then. Now if they had sent me a snail mail letter to my student address in Minneapolis, I would have been really impressed with their outreach attempt.
User avatar
tuningfork
Posts: 562
Joined: Wed Oct 30, 2013 8:30 pm

Re: More from Target?

Post by tuningfork »

ResearchMed wrote:I'm more concerned about the statements that the "breach" affected RECENT customers.

We haven't dealt with Target since 2012, in person, online, or by phone.

RM
The initial reports of the theft of card data affected customers who shopped at target during a recent period in Nov and Dec. Last week Target announced they had discovered a more widespread theft of personal data from their customer database that may have included any customers who shopped at Target online at any time in the past.

From http://money.cnn.com/2014/01/10/news/co ... t-hacking/
Target said the personal data stolen could affect its past shoppers -- not just those who have visited the store recently.
Caduceus
Posts: 2892
Joined: Mon Sep 17, 2012 1:47 am

Re: More from Target?

Post by Caduceus »

What is really weird is that the last time I shopped at Target was in 2010. The email was sent to an old email account that I haven't used for online purchases in a long while. Out of curiosity, I then pulled up all my credit card statements and went through them. Since I go to the same places and do all my necessary shopping at the same time, it didn't take long to confirm I haven't shopped at Target in nearly three years. (And of all things, for something that cost less than 5 dollars, probably floss ... !!!)

I don't have a Target debit card and I don't maintain an account with Target (actually I always shop if possible as a "guest" for precisely this reason ...). Also, I'm fairly certain (though not 100% sure) that I never revealed that email address in question to Target, so the whole thing is more than a little odd.

I've also always unsubscribed from affiliate marketing within one week of every credit card that I've received by calling the number provided. Maybe they didn't honor my preferences. So much for being a good citizen ...

In any case, my credit card companies have confirmed I am not on the list of compromised accounts that Target sent to the cc companies, even though I received the email. If you call them, they will tell you if you're on that list.
Last edited by Caduceus on Thu Jan 16, 2014 8:56 pm, edited 1 time in total.
User avatar
Topic Author
ResearchMed
Posts: 11239
Joined: Fri Dec 26, 2008 11:25 pm

Re: More from Target?

Post by ResearchMed »

tuningfork wrote:
ResearchMed wrote:I'm more concerned about the statements that the "breach" affected RECENT customers.

We haven't dealt with Target since 2012, in person, online, or by phone.

RM
The initial reports of the theft of card data affected customers who shopped at target during a recent period in Nov and Dec. Last week Target announced they had discovered a more widespread theft of personal data from their customer database that may have included any customers who shopped at Target online at any time in the past.

From http://money.cnn.com/2014/01/10/news/co ... t-hacking/
Target said the personal data stolen could affect its past shoppers -- not just those who have visited the store recently.
Thanks very much.

I missed that.
I guess I had (no offense to your screen name!) tuned out "anything Target", because I couldn't immediately remember dealing with them at all "recently", and certainly nowhere near this fall/winter.

I was starting to think about getting the type of charge card account that can generate "one time only use" card numbers [is that still available anywhere?], but I'm more concerned about the address-type information than "just" the card number. So that probably wouldn't help anyway.

If "they" (the hackers of various stripes) are getting into larger databases, it's no longer sounding much like having "chip cards" is going to be such a wonderful solution.

RM
goodenoughinvestor
Posts: 295
Joined: Fri Aug 09, 2013 10:33 am

Re: More from Target?

Post by goodenoughinvestor »

Pet peeve--I loathe it when companies refer to customers as "guests" as Target does in this letter (and yes, I received the email this morning, though I don't think I've shopped at Target for a few years). It sounds so transparently manipulative and creepy. But I have to assume that most people don't agree with me--Target wouldn't be using the term unless they knew it increased sales. The word creates real dissonance in the Target letter because the bad guys are called flat-out "criminals"--no euphemism or nicety there. But shoppers are "guests."
peppers
Posts: 1499
Joined: Tue Oct 25, 2011 7:05 pm

Re: More from Target?

Post by peppers »

sscritic wrote:When you buy online, you need to create an account. I keep a record of mine. Target is not among them. I get emails advertising products from almost all of them (hint: do not use two email addresses, or at least do not give them both to the same company. I always enjoy my double dip of J. Crew every morning in my inbox). Target is not among the senders of emails to me.

So how did they even get my email address? How did they get yours? Think affiliates. Think of the privacy and sharing options that companies send you all the time.

In my case, I am guessing it is ancient history. I had a Mervyn's charge card. Don't you miss Mervyn's? I do.

P.S. I am older than dirt. 2012 is very recent.
IIRC...the expression was... I'm as good as gold but older than dirt. :)
"..the cavalry ain't comin' kid, you're on your own..."
jebmke
Posts: 12306
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: More from Target?

Post by jebmke »

sscritic wrote:When you buy online, you need to create an account. I keep a record of mine. Target is not among them. I get emails advertising products from almost all of them (hint: do not use two email addresses, or at least do not give them both to the same company. I always enjoy my double dip of J. Crew every morning in my inbox). Target is not among the senders of emails to me.

So how did they even get my email address? How did they get yours? Think affiliates. Think of the privacy and sharing options that companies send you all the time.

In my case, I am guessing it is ancient history. I had a Mervyn's charge card. Don't you miss Mervyn's? I do.

P.S. I am older than dirt. 2012 is very recent.
This may explain why they would appear to have the info on roughly one-third of the living people in the US. Even with the six degrees of separation from Target, it still doesn't seem possible. Did that many people shop at a Target or affiliate between November and December?
When you discover that you are riding a dead horse, the best strategy is to dismount.
countdown
Posts: 114
Joined: Thu Jun 27, 2013 2:13 pm

Re: More from Target?

Post by countdown »

'This has been covered in other threads, you know, the ones with Target (not date) in the title.
I got my email on Monday and posted. Today is Thursday. If you want to keep up, you have to keep up. '
...

Sorry, sscritic, I didn't see the other thread(s). Got my email today and wasn't following it.
:happy
Mudpuppy
Posts: 6674
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: More from Target?

Post by Mudpuppy »

jebmke wrote:
sscritic wrote:When you buy online, you need to create an account. I keep a record of mine. Target is not among them. I get emails advertising products from almost all of them (hint: do not use two email addresses, or at least do not give them both to the same company. I always enjoy my double dip of J. Crew every morning in my inbox). Target is not among the senders of emails to me.

So how did they even get my email address? How did they get yours? Think affiliates. Think of the privacy and sharing options that companies send you all the time.

In my case, I am guessing it is ancient history. I had a Mervyn's charge card. Don't you miss Mervyn's? I do.

P.S. I am older than dirt. 2012 is very recent.
This may explain why they would appear to have the info on roughly one-third of the living people in the US. Even with the six degrees of separation from Target, it still doesn't seem possible. Did that many people shop at a Target or affiliate between November and December?
Welcome to the world of big data, where once your information enters a database, it never leaves....

In all seriousness, this is not too surprising. Marketing companies love to have access to this sort of data. Entire software companies exist to merge data from multiple sources and unify it into one massive database. There is no compelling reason to delete entries from that database, even when the entries are known to be out-of-date. Consider the amount of junk mail people receive for deceased people who have been deceased for years or even over a decade. If you ever put the information down on a form or told it to a cashier, just expect it to be out there. The cat is out of the bag.

Once you come to terms with your information being out there, it becomes a bit easier to not lose sleep over things like the Target breach. You focus more on things within your power, such as freezing your credit files to keep people from taking out new lines of credit in your name and reviewing your transactions for fraudulent ones.

Something like this will happen again (and I'm still convinced that Target was not the only retailer hit, just the first retailer to come public), so there's no use worrying about how the information got out there. Focus on containing the consequences of the information being out there instead.
pinecrest
Posts: 678
Joined: Fri Feb 15, 2013 10:51 pm

.....

Post by pinecrest »

.....
Last edited by pinecrest on Mon Feb 24, 2014 6:56 pm, edited 1 time in total.
jebmke
Posts: 12306
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: More from Target?

Post by jebmke »

pinecrest wrote:
Mudpuppy wrote:
Welcome to the world of big data, where once your information enters a database, it never leaves....
Cue Hotel California...
I thought it was the Roach Motel.
When you discover that you are riding a dead horse, the best strategy is to dismount.
User avatar
VictoriaF
Posts: 19549
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: More from Target?

Post by VictoriaF »

jebmke wrote:
pinecrest wrote:
Mudpuppy wrote:
Welcome to the world of big data, where once your information enters a database, it never leaves....
Cue Hotel California...
I thought it was the Roach Motel.
Nowadays, roaches are replaced by viruses and worms.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
jebmke
Posts: 12306
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: More from Target?

Post by jebmke »

Mudpuppy wrote:Something like this will happen again (and I'm still convinced that Target was not the only retailer hit, just the first retailer to come public), so there's no use worrying about how the information got out there. Focus on containing the consequences of the information being out there instead.
I agree. This will continue. I think one has to change from the castle and moat view of the world. You should assume that a system or network can be compromised.
When you discover that you are riding a dead horse, the best strategy is to dismount.
User avatar
nisiprius
Advisory Board
Posts: 42895
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: More from Target?

Post by nisiprius »

Mudpuppy wrote:...I'm still convinced that Target was not the only retailer hit, just the first retailer to come public...
+1

http://baltimore.cbslocal.com/2014/01/1 ... ta-breach/

"Hackers have now hit Neiman Marcus and at least three other stores... Reuters reports three more well-known retailers have also been breached. Sources declined to name the stores..."
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
ab80
Posts: 112
Joined: Wed Jul 17, 2013 2:35 pm

Re: More from Target?

Post by ab80 »

countdown wrote:However, in fairness to Target, I didn't find their email insulting. I guess when we use anything but cash, it's a risk we assume, albeit small.
(Didn't read the whole thread yet.) Whenever I go there and pay with cash, they give me a weird look and use one of those counterfeit money detector pens, even for a small transaction of $40 or $60. Sad world. Could just be the local target where I live, but it doesn't send a very welcoming message.
Mudpuppy
Posts: 6674
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: More from Target?

Post by Mudpuppy »

nisiprius wrote:
Mudpuppy wrote:...I'm still convinced that Target was not the only retailer hit, just the first retailer to come public...
+1

http://baltimore.cbslocal.com/2014/01/1 ... ta-breach/

"Hackers have now hit Neiman Marcus and at least three other stores... Reuters reports three more well-known retailers have also been breached. Sources declined to name the stores..."
I should put this out there too. As someone in the security field, I am actually proud of how quickly Target went public with the attack. Usually, corporations have to be dragged kicking and screaming into revealing a compromise. In the case of a compromise that results in regulatory disclosure of the attack (e.g. "your information may have been stolen" letters to customers), most corporations put off the disclosure as long as possible citing ongoing investigations. It might be months down the road before the corporation actually sends out notification about the compromise.

That Target is revealing things during the investigation and so close to discovering the breach is rather refreshing. I don't know if that is reflective of a choice made by Target corporate or if Brian Krebs was given too big of a scoop and Target decided to go public rather than be evasive, but in either case, it's unusual and should be applauded. Instead, people are running away from their stores and visiting other stores that could very well be victims of the same attack (or similar attacks), but are just putting off disclosure until the last possible moment to "save face". *sigh*
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

Mudpuppy wrote: people are running away from their stores and visiting other stores that could very well be victims of the same attack (or similar attacks), but are just putting off disclosure until the last possible moment to "save face". *sigh*
And just because I can and because yesterday was the 20th anniversary of the Northridge earthquake, I want to mention all those people who ran away from Northridge after the earthquake. I stayed, figuring I was safe for another 50 if not 100 years. I believe Target is going to be a safer place to shop than many others, just because of this event.

P.S. I know I was being irrational and that earthquakes probably follow a Poisson process, but stay I did.
jbreittling
Posts: 121
Joined: Sun Jul 15, 2012 9:48 pm

Re: More from Target?

Post by jbreittling »

I would like to sue Target. I received a new credit card from Discover where they stated that my information was apparently part of the stolen data. Like many, I haven't used my Discover card at Target during the supposed timeframe when the data was stolen.
User avatar
JMacDonald
Posts: 2343
Joined: Mon Feb 19, 2007 5:53 pm

Re: More from Target?

Post by JMacDonald »

Here is an interesting article about Target: http://www.nytimes.com/2014/01/18/busin ... iness&_r=0
A Sneaky Path Into Target Customers’ Wallets
Target had no clue until the Secret Service alerted the company about two weeks before Christmas.
I received my email from Target, and I have not done any shopping there for months. I am going to put a freeze on my credit.
Best Wishes, | Joe
AllySK
Posts: 42
Joined: Sun Jan 06, 2013 5:01 pm

Re: More from Target?

Post by AllySK »

I got the same email from Target, and wondered how they got my email address. Searched through my inbox, and it looks like I bought something from Target.com in 2009. Ha.
python99
Posts: 57
Joined: Fri Feb 15, 2013 1:15 pm

Re: More from Target?

Post by python99 »

The ultimate irony is that Target lost its customers data, so they want to try to make it right....with one year of credit & identity watch...sounds good..we then send you to a sign up sight that requests you to provide "..Name, address, date of birth and Social Security number which are required.

Sure you just lost my debit/credit card and pin along with my email addresses and who knows what else....and now you want me to provide you (over the web no less) my Name, address, date of birth and Social Security number.......good luck with that one.
peppers
Posts: 1499
Joined: Tue Oct 25, 2011 7:05 pm

Re: More from Target?

Post by peppers »

Interested in more but not Target?

We were notified in late 2013 that an office/outpatient facility of a major hospital, Chicago area, was broken into and several computers were stolen. Individual letters came addressed to myself, my wife and to each of our four children. They offered the free credit monitoring report for a year.

Thing is, it's been over 10 years since any of our children used this facility.
"..the cavalry ain't comin' kid, you're on your own..."
placeholder
Posts: 4410
Joined: Tue Aug 06, 2013 12:43 pm

Re: More from Target?

Post by placeholder »

jbreittling wrote:I would like to sue Target. I received a new credit card from Discover where they stated that my information was apparently part of the stolen data. Like many, I haven't used my Discover card at Target during the supposed timeframe when the data was stolen.
So what are your damages?
Caduceus
Posts: 2892
Joined: Mon Sep 17, 2012 1:47 am

Re: More from Target?

Post by Caduceus »

[Why can't I delete this post? Weird]
Last edited by Caduceus on Sun Jan 19, 2014 3:01 pm, edited 2 times in total.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

placeholder wrote: So what are your damages?
I had to open an email. That must be worth about 1 mill.
Caduceus
Posts: 2892
Joined: Mon Sep 17, 2012 1:47 am

Re: More from Target?

Post by Caduceus »

Just out of curiosity ... how does one assign liability for identity theft anyway? Let's say that 10 years later as a result of some corporation's breach, someone's identity gets stolen ... but in the meantime, four different companies suffer similar breaches ... who is responsible for the damage then? It would be hard to pinpoint a single event as the cause of the theft.
sscritic
Posts: 21858
Joined: Thu Sep 06, 2007 8:36 am

Re: More from Target?

Post by sscritic »

Caduceus wrote:Just out of curiosity ... how does one assign liability for identity theft anyway?
I would assign it to the person who stole my identity. That's what the police and courts do.

Here is the Department of Justice. Look for the word criminals.
Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places, for example, criminals may engage in "shoulder surfing" ­ watching you from a nearby location as you punch in your telephone calling card number or credit card number ­ or listen in on your conversation if you give your credit-card number over the telephone to a hotel or rental car company.

Even the area near your home or office may not be secure. Some criminals engage in "dumpster diving" ­ going through your garbage cans or a communal dumpster or trash bin -- to obtain copies of your checks, credit card or bank statements, or other records that typically bear your name, address, and even your telephone number. These types of records make it easier for criminals to get control over accounts in your name and assume your identity.
Mudpuppy
Posts: 6674
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: More from Target?

Post by Mudpuppy »

Caduceus wrote:[Why can't I delete this post? Weird]
Someone posted too quickly after you. Once there's a post after you, you cannot delete. You can only edit then.
Post Reply