Sunday, April 20, 2014
Credit and debit card information for more than 100,000 Maine shoppers may have been compromised in the nationwide data breach that struck the retail giant Target this holiday season, but the exact number is open to question and state officials say they have no idea what it may be.
Target has five stores in Maine, according to its website, in South Portland, above, and in Augusta, Bangor, Biddeford and Topsham. Target representatives have not said how many customers in Maine were affected.
Shawn Patrick Ouellette/Staff Photographer
Mia DiGiovanni, left, with Ashleigh Burgess outside of Target in South Portland, said she used a debit card to make recent purchases at Target, but as of Thursday, Target had yet to notify her about the data breach.
Shawn Patrick Ouellette/Staff Photographer
If you are concerned over whether your credit or debit card information was compromised in the Target data breach:
n Be diligent about reviewing your debit or credit card statements for suspicious transactions.
n If you suspect fraudulent activity on your card, immediately contact the financial institution that issued the card.
n Target has a hot line for customers’ questions and complaints related to the data theft at (866) 852-8680.
n Cases of identity theft also can be reported to the Maine Attorney General’s Office Consumer Protection Division at 626-8849.
n The state Department of Professional and Financial Regulation’s Bureau of Consumer Credit Protection can provide help or guidance. The bureau’s phone number is 624-8527, and an online complaint form is available at www.maine.gov/pfr/consumercredit/complaint_form.htm.
Source: Maine officials, Target
What is known is that for more than two weeks, data thieves stole credit and debit card numbers and security codes from every Target store in the country, affecting about 40 million consumers’ accounts, the company revealed Thursday.
Cybersecurity analysts in Maine urged Target shoppers to review their bank and credit card account statements for fraudulent activity, and Gov. Paul LePage offered help from state officials with consumer information and guidance.
At the Target store in South Portland, Mia DiGiovanni of Portland said she loves shopping at the discount retailer but is concerned that it isn’t doing enough to protect its customers.
“If somebody put that (card-reading) device in, then obviously they aren’t keeping a good eye on what is going on,” she said.
The card-data theft won’t stop her from shopping at Target, she said, “if they can rectify the situation ... and assure people that it’s never going to happen again.”
DiGiovanni said she used a debit card to make purchases at Target in the period from Nov. 27 to Dec. 15, when thieves were stealing data from the company’s systems. Under Maine law, businesses that suspect customers’ payment-card data has been compromised must “conduct in good faith a reasonable and prompt investigation,” and “give notice” that they suffered a breach. The law does not specify a time frame for that notification.
As of Thursday afternoon, Target had yet to notify DiGiovanni directly about the breach.
Carolyn Hemstedt of Brownfield said she had heard about the data theft but still decided to shop Thursday at the Target in South Portland.
“I feel confident that the transactions going through today are OK,” Hemstedt said. “Have they totally taken care of the problem? No.”
NUMBER OF MAINERS AFFECTED UNCLEAR
Minneapolis-based Target Brands Inc. said hackers stole information from as many as 40 million credit and debit cards that were used to make purchases at its stores in the U.S. beginning Nov. 27, as the holiday shopping season got into high gear. Card security was restored by Dec. 15, and transactions at Target are now safe, the company said in a news release. Online transactions at Target.com were not affected, the company said.
Target representatives have not specified how many customers in Maine were affected, and did not return calls seeking comment.
Without more specific information, it is difficult to determine how many Maine shoppers may have been affected.
If an equal number of cards were compromised at each of Target’s roughly 1,800 U.S. stores, it would work out to about 111,000 at the retailer’s five stores in Maine. Based on another estimate – that one in 10 Americans were affected by the breach – the number in Maine would total about 130,000.
Lloyd LaFountain III, superintendent of the state Bureau of Financial Institutions, said the actual number of Mainers affected is probably lower, based on the assumption that Target stores in Maine have less customer traffic on average than stores in more densely populated states.
The stolen data included each card holder’s name, card number, expiration date and three-digit security code, according to Target. That’s all a thief would need to sell the information on the black market or use it to drain card holders’ accounts, local analysts said.
Target customers in Maine should monitor activity on potentially compromised accounts and contact the card issuer immediately if they notice fraudulent transactions, they said.
(Continued on page 2)
click image to enlarge
A customer signs after using his credit card. The data stolen recently included each user’s name, card number, expiration date and three-digit code.
2008 Associated Press file photo