FORT WAYNE, Ind. (21Alive) -- If you shopped at Target between Thanksgiving and this past Sunday, Target had a massive security breach.
Hackers stole the credit card numbers of up to 40 million people who shopped in their stores.
You should monitor your credit and debit card statements online, and dispute any purchases you did not make.
“You do have some potential liability with a debit card if you do not respond within 60 days. So we highly encourage people that used a debit card and have fraudulent transactions to notify the debit card provider within the 60 day time period to avoid potential liability,” says Greg Smitley, CEO of the Better Business Bureau.
Smitley also says you should not open any email claiming to be from Target or the institution that issued your card.
He says it would probably be scammers looking for your information.
NATIONAL (ABC News) -- Target says information from approximately 40 million of its customer credit and debit cards swiped in stores may have been compromised by a data breach during the height of the holiday shopping season.
The data breach occurred between Nov. 27 and Dec. 15, 2013, at U.S. stores, Target said in a statement this morning. Target said it immediately contacted authorities and financial institutions once it became aware of the breach. The Minneapolis based-company said it was teaming with a third-party forensics firm to investigate the breach.
"Target's first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
The U.S. Secret Service is investigating but declined to provide further details.
Brian Krebs, who first broke the story for KrebsOnSecurity.com Wednesday, said the breach couldn't have come at a worse time for shoppers and Target.
"I can't think of another day in the calendar when target or anyone else could expect to have more people in stores. More deals, traffic, more swipes -- perfect day to launch an attack," Krebs told ABC News.
Krebs said the breach involved the data stored on the magnetic strip of cards used only in stores and not online. The breach, said Krebs, may extend to nearly all of the 1,797 Target stores nationwide.
"The information that's stored on the magnetic strip -- name, card number, expiration date, other info -- if bad guys can steal that card ... they can actually create a second copy," Krebs said.
If thieves can create a second copy and were able to intercept a PIN number, that could allow them to withdraw money from ATMs, said Krebs.
Customers who may have been affected should pay extra attention to their debit and credit card statements, said Krebs.
"Advice to customers -- be vigilant, pay attention to your statement if something doesn't look right," Krebs cautioned. "Whether or not you feel like you might be impacted by this breach, it's a really good idea, particularly around this time of year, to pay attention to what's on your debit and credit card statements."
While consumers will likely be reimbursed for any fraudulent charges, the refund might not come until after Christmas, creating another headache for shoppers.
We wanted to make you aware of unauthorized access to Target payment card data. The unauthorized access may impact guests who made credit or debit card purchases in our U.S. stores from Nov. 27 to Dec. 15, 2013. Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident.
We began investigating the incident as soon as we learned of it. We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).
We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future. Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts.
We recommend that you closely review the information provided in this letter for some steps that you may take to protect yourself against potential misuse of your credit and debit information. You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports. If you discover any suspicious or unusual activity on your accounts or suspect fraud, be sure to report it immediately to your financial institutions. In addition, you may contact the Federal Trade Commission (“FTC”) or law enforcement to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s Web site, at www.consumer.gov/idtheft, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Again, we want to stress that we regret any inconvenience or concern this incident may cause you. Be assured that we place a top priority on protecting the security of our guests’ of personal information. Please do not hesitate to contact us at 866-852-8680 or visit Target’s website if you have any questions or concerns.
What are your thoughts CLICK HERE to leave us a "QUESTION OF THE DAY” comment.
© Copyright 2014, A Granite Broadcasting Station. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.