Friday, December 20, 2013

Target Data Breach: What to do if you've been affected

Yesterday Target disclosed that it was the victim of a cyber attack.  The cybercriminals were able to obtain the credit/debit card numbers of approximately 40 million people between 2013-11-27 and 2013-12-15.  If you or someone from your organization shopped at Target, using either a personal or company card, between those dates there's a good chance you may have been impacted.

According to Target the thieves were able to capture the following info from customers credit/debit cards:
  • Cardholders name
  • Card number
  • Card expiration date
  • Card CVV (security) code

As of this writing Target has not stated whether other PII; SSN's, addresses ... had been breached.  Regardless, with what has already disclosed a thief has enough to begin making purchases with your card information.

If you think you or your firm may be a victim of this data breach consider taking the following steps:

Contact Target Directly

Target has set up the following two ways to contact them regarding the data breach
  • Phone - 866-852-8680
  • Website - Great source of information with an excellent set of FAQ's to assist customers.

Bank/Card Issuer

  1. Begin monitoring your account(s) immediately. Do not wait for your monthly statement, use online or mobile app's to access your account.
    1. If you notice any unauthorized activity contact your bank immediately to dispute the charges.  Consumers are not responsible for charges incurred when the card has been stolen.  SMB's may not be afforded the same level of protection as consumers so make sure any unauthorized charges are addressed as soon as they are discovered.
    2. Look for "microcharges".  These are small purchases, usually under $5USD that cybercriminals use to verify the card is valid.  Once validated the cybercriminal can sell the card data at a premium.
    3. Also be aware of whats called "bust out" activity.  This is when a cybercriminal attempts to purchase as much as possible on your card as quickly as they can.
  2. File a fraud report with your bank/card issuer.
  3. If applicable, call your bank/card issuer and either have your PIN changed or have them issue you a new card or cards.
    1. Don't forget to update any information that references the old accounts, i.e. automated payment methods
  4. If available, configure email/text alerts for your account.  This service provided by most banks will alert you via email/text message when your account has been charged.

 Credit Bureau

  1. Contact the 3 major credit reporting agencies
    1. Equifax - 800-525-6285
    2. TransUnion - 800-680-7289
    3. Experian - 888-397-3742
  2. Consider enabling a fraud alert or credit freeze.  Talk to the credit bureau's representative and decide what the best option is for you or your organization.
  3. Obtain a credit report from each credit bureau.  Upon receipt thoroughly review the information in them and take any corrective measures that may be needed.

 Additional Steps
 

If you have confirmed you are a victim.
  1. Contact the Federal Trade commission (FTC) at 877-438-4338 or their website to file an Identity Theft Fraud Report.  Remember to print your ID Theft Affitdavit as you will need it to dispute any adverse effects
  2. Take the ID Theft Affidavit to your local police and ask them to file a ID Theft Report.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)