Target nailed in massive credit card breach: What to do if you shopped there

What should I buy at the card shop

Black Friday was a black eye for the national retailer Target, and if you shopped at Target between Nov. 27 and Dec. 15, you’d better check your bank statement for suspicious charges. In one of the most ambitious and large-scale credit card capers of all time, cyberthieves have swiped the credit card and debit card numbers of as many as — are you sitting down? — 40 million Target customers.

If you used a credit or debit card during the 18-day period between Thanksgiving and mid-December, it is quite likely these hackers have your card’s number and expiration date. They also have your name and home address. They even have the three-digit security number on the back of your card. They know if your credit’s bad or good, so be cautious for goodness’ sake.

Target was hit with a massive theft of credit card numbers on Black Friday, and the heist continued until the company noticed the problem late this past weekend. “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence,” Target CEO Gregg Steinhafel said in a statement Thursday morning. “We regret any inconvenience this may cause.”

The theft does not affect cards used online at Target.com, only those cards physically used in checkout registers at Target stores.

Target has not admitted how the breach occurred, but retail security wiz Paula Rosenblum at Forbes is able to connect the dots based on her own past analyses.

“The thieves captured magnetic stripe data from customers swiping their cards to complete their purchases,” Rosenblum writes. “The technique is called ‘skimming’ and is accomplished by thieves adding a small chip into the credit card readers typically attached to cash registers. Because the chip is right at the device, there’s no need to infiltrate the company’s systems. The chip grabs the information right up front.”

In other words, a device was implanted in Target credit card readers to steal the data. Considering that this requires access to the machines and replication across enough registers to get 40 million card numbers, it is reasonable to assume this was an inside job — one involving several different layers of access to company systems.

If you shopped at Target during Black Friday weekend or after, the Better Business Bureau has a set of guidelines for what to do if you used your card. The primary piece of advice is to check your card statements for any fraudulent charges.

You are not liable for any fraudulent charges made to your card. But if a fraudulent charge was made, do yourself a favor and get that card replaced ASAP.