If you thought hackers stealing debit and credit card information on 40 million customer was bad just wait until you hear the latest update from Target.  It appears that during their investigation Target has discovered that an additional 70 million customers had been exposed.  However this time it was not just debit and credit card information.   The new discovery revealed that customer mailing addresses, email addresses, phone numbers and names were also exposed.

So why the delay?  Initially it was thought that the hacking of the POS terminal (the credit card processing unit) meant that only credit and debit card information was stolen.  The breach investigation revealed that because the POS system was connected to the Target network the hackers were also able to access an additional store of information that contained mailing addresses, email addresses, phone numbers and names of customers.  This data had been collected over a period of time.  It is possible that overlaps between the two exposed groups exist.

It is this new data that poses the greatest risk for customers.  Credit card customers merely needed to cancel their card and request a new one.  If a fraudulent transaction was detected the debt was erased.  End of story.  Debit card customers also needed to request new debit cards as well as diligently monitor their bank statements.  If a fraudulent transaction was detected then funds were removed from the bank account.  This may result in overdraft fees or returned checks.  Fortunately the banks are required to replace the money lost to fraud but they are not required to refund the overdraft fees.  While there is a risk of financial loss this is mainly an inconvenience.  Something that would readily be resolved.

This not the case with the additional information.  The exposure of mailing addresses, email addresses, phone numbers and customer names has elevated the risk level to high alert.  Hackers have the ability to inflict greater damage with a name, email address, mailing address and phone numbers.  Scammers are already taking advantage of the breach by sending out phishing emails claiming to be from Target.  Phishing emails are easy to detect as they typically start with “Dear Customer.”  The additional breached data from Target will allow for spear phishing where emails will contain your name.  So now you will receive an email that includes your name claiming to be from Target offering you free credit monitoring services.  However, when you click on the link in the email either 1) malware, software with malicious intent, will be installed on your computer or 2) take you to a webpage asking you for your sensitive information, like a social security number.

The additional information has also given the hackers enough data to piece together, through the use of the personal identifying black market as well as the Internet, the remaining pieces of your identity.  This risk is much great than merely having your credit card number exposed.

[important]So what should you do?  Follow these simple tips[/important]

  • Never give out sensitive information during an unsolicited phone call.
  • Never click on a link in an email until you have verified it is valid.
  • Monitor ALL statements – bank, credit card, etc.
  • If you detect a discrepancy notify the financial institution IN WRITING immediately.

If you have any questions give me a call at 239-435-9111, send me an email or leave me a comment.