Target Credit Card Breach Leads to Lawsuits

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NEW YORK (CNNMoney) — The major hack of discount retailer Target that stole credit and debit card data from 40 million accounts was still reverberating several days later.

Target acknowledged the hack on Thursday — three weeks after customer data was first scooped up on Black Friday.

On Sunday, Target spokeswoman Molly Snyder said the company had notified millions of affected customers for whom it had email addresses.

Major banks and card issuers said they were monitoring customer accounts. JPMorgan Chase said it would limit the amount customers could withdraw from ATMs and spend in stores.

Two U.S. senators jumped in with demands for investigations.

Chuck Schumer called on the Consumer Financial Protection Bureau to report on whether retailers should be required to encrypt customer card data. Richard Blumenthal called for a Federal Trade Commission probe, saying “it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information.”

Meanwhile, plaintiffs in California sought to bring a class action and said Target “failed to implement and maintain reasonable security procedures and practices.” Local media reported that another lawsuit was filed in a Rhode Island federal court.

What was stolen? The hack affected customers who shopped at U.S. Target stores between November 27 and December 15, Target said.

Customer names, credit or debit card numbers, expiration dates and CVVs were involved in the information theft, Target said. The CVV — the card verification value, also known as the security code — is a three or four-digit number typically requested by retailers when making purchases online or over the phone.

Hackers could use this data to make card replicas. Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.

PIN numbers, other customer information like Social Security numbers, and employee records were not compromised, Target said.

What is Target doing? Target said it would offer affected customers a free credit monitoring service and set up a telephone hotline. It also offered a store-wide 10% discount on Saturday and Sunday.

The company said it “began investigating the incident as soon as we learned of it” through a “leading third-party forensics firm.” The company said it also notified banks and law enforcement.

The Secret Service, which safeguards the nation’s financial systems, said it was investigating, and on Friday, New York Attorney General Eric Schneiderman pledged to investigate.

CEO Gregg Steinhafel said “the cause of this issue has been addressed and you can shop with confidence at Target.” He did not say how he knew customer data was no longer being stolen, nor how the hackers managed to swipe the credit card data.

How do you know if you were hacked? The easiest way to spot unauthorized purchases is to regularly check your paper or online statement. Sometimes hackers ping an account for only few cents to verify they have an active account.

Hacked or not, what should you do? If you shopped at Target between November 27 and December 17, you should call your credit card company, bank and Target. Request a replacement card — if one isn’t already on the way — and change your PIN.

Customers typically aren’t liable for unauthorized purchases on their accounts that they report promptly. Major banks and credit card companies — including American Express, Discover, Bank of America, Wells Fargo and PNC — said they were monitoring customer accounts.

J.P. Morgan Chase said it was temporarily limiting ATM withdrawals to $100 a day and purchases to $300 a day for customers whose accounts were at risk.

How did this happen? Many questions remain unanswered. But security experts believe hackers had access to the point-of-sale data, which means they either accessed the terminals where customers swiped credit cards or collected data as it moved from Target to credit card processors.

*CLICK to read much more on the breach.

9 comments

  • DatabaseBen

    i was signing up for targets red card and inputted lots of my confidential data over a number of their webpages. then the final thing to do was to accept the agreement before clicking that final button. fortunately i read the agreement very carefully and was disgusted that target would have the absolute right to share my information and whatever else their cash registers would collect, with anyone they wanted to. so i cancelled the sign up. but what is so disturbing is 1) they would share my information at will and 2) they would have to store all that information somewhere and who knows for how long. imo, target deserves to get sued and i have no sympathy for them because they asked for it! i do wonder however, if all the pages that i filled in “actually” got deleted off their servers. i mean, none of us would have the ability or the right to know the truth.

  • Rebecca

    Target is offering “10%” on anything except video games anything electronic and big ticketed items it’s such a joke. They have restrictions on what they are offering the 10% on. I was a loyal target customer but they just lost my business
    #neveragaintarget

  • Jyllian

    My credit card company noticed fraudulent activity on my account and sure enough my account had been hacked into! I had used my card at Target during the specified time. I’m frustrated because I was using that card for all of my Christmas shopping and had to figure something else out. Very annoying, especially during this time of the year!

    • DatabaseBen

      if i recall some high school law, class action lawsuits are created in any city where the harm was caused. so in effect, there can be 50 class actions lawsuits, ie each state, against one entity. then later, the lawyers for target will ask some judge to combine all the separate lawsuits into one big one, in the hopes that it will save money for everyone, ie the judicial system and target if they loose the one big case. if a judge refuses to combine all the cases into one, then target has many fires to battle and will end up loosing a lot more money. to begin a class action lawsuit, i would find an attorney in your area to begin the process. also, all the state attorney generals will likely bring lawsuits against target too – perhaps under the state consumer protection laws.

  • Edward Nedwons

    You think you live in a protective bubble? Having a credit card carries certain responsibilities, monitoring your bill is one of them, apparently most of you are not read for this.
    Yes, they are required by the credit card companies to be secure, but there is always a bad guy trying to get in, eventually they do…which brings us back to monitoring your bill…why do you think you are not responsible for the fraudulent charges…
    That knocking was reality, you should of answered it.

    • DatabaseBen

      the basis for the problem is/are not the card holders but the card archivers. once the transaction is approved by the banks, the transaction is completed and money is essentially transfered to target in 30 seconds. but in targets case, after they get their money then they are subsequently storing the financial data for days, months and maybe years without the customers consent and knowledge.

Comments are closed.