December 20, 2013

Thousands of Mainers’ card data may have been stolen at Target

Customers in the state – up to 100,000 or more – are told to watch accounts for odd charges.

By J. Craig Anderson canderson@pressherald.com
Staff Writer

(Continued from page 1)

Today's poll: Data breach

Have data breaches like the one at Target stores caused you to make purchases with cash rather than cards?

Yes

No

View Results

click image to enlarge

Target has five stores in Maine, according to its website, in South Portland, above, and in Augusta, Bangor, Biddeford and Topsham. Target representatives have not said how many customers in Maine were affected.

Shawn Patrick Ouellette/Staff Photographer

click image to enlarge

Mia DiGiovanni, left, with Ashleigh Burgess outside of Target in South Portland, said she used a debit card to make recent purchases at Target, but as of Thursday, Target had yet to notify her about the data breach.

Shawn Patrick Ouellette/Staff Photographer

Additional Photos Below

Related headlines

TIP FOR TARGET SHOPPERS

If you are concerned over whether your credit or debit card information was compromised in the Target data breach:

n Be diligent about reviewing your debit or credit card statements for suspicious transactions.

n If you suspect fraudulent activity on your card, immediately contact the financial institution that issued the card.

n Target has a hot line for customers’ questions and complaints related to the data theft at (866) 852-8680.

n Cases of identity theft also can be reported to the Maine Attorney General’s Office Consumer Protection Division at 626-8849.

n The state Department of Professional and Financial Regulation’s Bureau of Consumer Credit Protection can provide help or guidance. The bureau’s phone number is 624-8527, and an online complaint form is available at www.maine.gov/pfr/consumercredit/complaint_form.htm.

Source: Maine officials, Target

NOTICES TO CARD HOLDERS, PRECAUTIONS

Just because a card number is compromised doesn’t mean the card holder will become a victim of identity theft, said Maine Assistant Attorney General Linda Conti.

“They shouldn’t assume ... that they have to get a new card,” Conti said. “In fact, the bank will issue a new card if they think it is necessary.”

Gov. LePage issued a statement warning Mainers who shopped at Target recently to be vigilant and seek help from the state Department of Professional and Financial Regulation.

“I encourage people to closely monitor their credit and debit card statements, and to contact the financial institution that issued the card promptly if questionable charges appear,” LePage said.

Joshua Silver, a shareholder in the Portland law firm Bernstein Shur and a cybersecurity specialist, said Mainers who are affected by the breach are likely to receive notification from the issuers of their cards within the next 30 to 60 days.

When necessary, a card issuer may automatically cancel compromised cards and issue new ones, he said.

Target may offer services, such as a year of free credit monitoring, to help customers deal with the data breach, Silver said.

Card-data theft from retailers and other businesses has become “incredibly common,” he said, but only the larger incidents draw media attention.

“There are breaches on much smaller scales that happen every single day,” Silver said.

HOW DATA IS OFTEN STOLEN, SOLD

Edward Sihler, another cybersecurity expert in Maine, said data thieves usually infect a retailer’s point-of-sale system with malware, computer programs that capture card information and transmit it over the Internet to the hackers.

Given that Target is a huge company with tremendous resources for data security, it’s likely the card-number theft was an inside job, said Sihler, technical director of the Maine Cybersecurity Center at the University of Southern Maine.

“It’s entirely possible it’s a disgruntled employee,” he said.

The tools needed to pull off a card-data heist are for sale on the Internet, Sihler said. “You don’t have to be a rocket scientist to do this,” he said.

Once the card data has been obtained, it can be sold on black-market websites for about $1 per card, Sihler said.

The data can be used to make purchases online, he said. Thieves are particularly fond of buying gift cards because they can be sold for cash, he said.

Debit cards are even more vulnerable than credit cards, Sihler said, because the information can be used to make counterfeit cards that work in ATMs.

J. Craig Anderson can be contacted at 791-6390 or at:

canderson@pressherald.com

Twitter: @jcraiganderson 

Were you interviewed for this story? If so, please fill out our accuracy form

Send question/comment to the editors


Additional Photos

click image to enlarge

A customer signs after using his credit card. The data stolen recently included each user’s name, card number, expiration date and three-digit code.

2008 Associated Press file photo

  


Further Discussion

Here at PressHerald.com we value our readers and are committed to growing our community by encouraging you to add to the discussion. To ensure conscientious dialogue we have implemented a strict no-bullying policy. To participate, you must follow our Terms of Use.

Questions about the article? Add them below and we’ll try to answer them or do a follow-up post as soon as we can. Technical problems? Email them to us with an exact description of the problem. Make sure to include:
  • Type of computer or mobile device your are using
  • Exact operating system and browser you are viewing the site on (TIP: You can easily determine your operating system here.)


Today's poll: Data breach

Have data breaches like the one at Target stores caused you to make purchases with cash rather than cards?

Yes

No

View Results