Saturday, March 8, 2014
(Continued from page 1)
Target has five stores in Maine, according to its website, in South Portland, above, and in Augusta, Bangor, Biddeford and Topsham. Target representatives have not said how many customers in Maine were affected.
Shawn Patrick Ouellette/Staff Photographer
Mia DiGiovanni, left, with Ashleigh Burgess outside of Target in South Portland, said she used a debit card to make recent purchases at Target, but as of Thursday, Target had yet to notify her about the data breach.
Shawn Patrick Ouellette/Staff Photographer
If you are concerned over whether your credit or debit card information was compromised in the Target data breach:
n Be diligent about reviewing your debit or credit card statements for suspicious transactions.
n If you suspect fraudulent activity on your card, immediately contact the financial institution that issued the card.
n Target has a hot line for customers’ questions and complaints related to the data theft at (866) 852-8680.
n Cases of identity theft also can be reported to the Maine Attorney General’s Office Consumer Protection Division at 626-8849.
n The state Department of Professional and Financial Regulation’s Bureau of Consumer Credit Protection can provide help or guidance. The bureau’s phone number is 624-8527, and an online complaint form is available at www.maine.gov/pfr/consumercredit/complaint_form.htm.
Source: Maine officials, Target
NOTICES TO CARD HOLDERS, PRECAUTIONS
Just because a card number is compromised doesn’t mean the card holder will become a victim of identity theft, said Maine Assistant Attorney General Linda Conti.
“They shouldn’t assume ... that they have to get a new card,” Conti said. “In fact, the bank will issue a new card if they think it is necessary.”
Gov. LePage issued a statement warning Mainers who shopped at Target recently to be vigilant and seek help from the state Department of Professional and Financial Regulation.
“I encourage people to closely monitor their credit and debit card statements, and to contact the financial institution that issued the card promptly if questionable charges appear,” LePage said.
Joshua Silver, a shareholder in the Portland law firm Bernstein Shur and a cybersecurity specialist, said Mainers who are affected by the breach are likely to receive notification from the issuers of their cards within the next 30 to 60 days.
When necessary, a card issuer may automatically cancel compromised cards and issue new ones, he said.
Target may offer services, such as a year of free credit monitoring, to help customers deal with the data breach, Silver said.
Card-data theft from retailers and other businesses has become “incredibly common,” he said, but only the larger incidents draw media attention.
“There are breaches on much smaller scales that happen every single day,” Silver said.
HOW DATA IS OFTEN STOLEN, SOLD
Edward Sihler, another cybersecurity expert in Maine, said data thieves usually infect a retailer’s point-of-sale system with malware, computer programs that capture card information and transmit it over the Internet to the hackers.
Given that Target is a huge company with tremendous resources for data security, it’s likely the card-number theft was an inside job, said Sihler, technical director of the Maine Cybersecurity Center at the University of Southern Maine.
“It’s entirely possible it’s a disgruntled employee,” he said.
The tools needed to pull off a card-data heist are for sale on the Internet, Sihler said. “You don’t have to be a rocket scientist to do this,” he said.
Once the card data has been obtained, it can be sold on black-market websites for about $1 per card, Sihler said.
The data can be used to make purchases online, he said. Thieves are particularly fond of buying gift cards because they can be sold for cash, he said.
Debit cards are even more vulnerable than credit cards, Sihler said, because the information can be used to make counterfeit cards that work in ATMs.
J. Craig Anderson can be contacted at 791-6390 or at:
click image to enlarge
A customer signs after using his credit card. The data stolen recently included each user’s name, card number, expiration date and three-digit code.
2008 Associated Press file photo