Thursday, April 24, 2014

Target says about 40M credit and debit card accounts may have been affected by data breach

MINNEAPOLIS — Target says about 40 million credit and debit card accounts may have been affected by a data breach linked to recent purchases in its U.S. stores.
The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15.

That includes the busy Black Friday shopping period surrounding the U.S. Thanksgiving holiday, which was on Nov. 28.
The discount retailer didn’t immediately specify where the affected stores were located except that they were in the United States.
Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, Target’s chairman, president and chief executive officer.
“We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target has 1,797 U.S. stores and 124 in Canada.
The company has only been operating stores in Canada since March, when it began a long-planned national rollout in southern Ontario.
Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx, Marshall’s and Winners, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn’t detected until December 2006.
In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.

More stories