Target CEO announces plan to help fraud victims. Company says it has identified and eliminated the problem that caused data breach.
The following statements were released by Target on Friday to update customers on a data breach that began on Black Friday and may have impacted up to 40 million credit and debit card accounts.
Target says that it has identified and eliminated the problem. The company says it wants customers to know that just because they shopped at Target stores during the impacted time frame of Nov. 27 to Dec. 15 it does not mean they have been victims of fraud. Likewise, if a customer receives a letter or email regarding the data breach from Target or their financial institution it does not mean they have been a victim of fraud.
In addition, the company is offering a 10% discount to shoppers who visit U.S. stores on Dec. 21 and Dec. 22. The amount is the same offered to Target employees. The company says the discount is fitting since Target, its workers and its customers have all be victimized by the data heist.
Target says there is no evidence customer PIN numbers have been compromised which would prevent crooks from cloning their card and using it at an ATM. Likewise, the security number on the backs of the credit cards have also not been breached, according to Target, which would help prevent thieves from making unauthorized online purchases. Target says there is no indication that customer birth dates or Social Security numbers are impacted.
Below is the text of Target CEO Gregg Steinhafel's statement regarding the incident and discount for shoppers:
"Yesterday we shared that there was unauthorized access to payment card data at our U.S. stores. The issue has been identified and eliminated. We recognize this has been confusing and disruptive during an already busy holiday season. Our guests' trust is our top priority at Target and we are committed to making this right.
We want our guests to understand that just because they shopped at Target during the impacted time frame, it doesn't mean they are victims of fraud. In fact, in other similar situations, there are typically low levels of actual fraud. Most importantly, we want to reassure guests that they will not be held financially responsible for any credit and debit card fraud. And to provide guests with extra assurance, we will be offering free credit monitoring services. We will be in touch with those impacted by this issue soon on how and where to access the service.
We understand it's been difficult for some guests to reach us via our website and call center. We apologize and want you to understand that we are experiencing unprecedented call volume. Our Target teams are working continuously to build capacity and meet our guests' needs.
We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We're in this together, and in that spirit, we are extending a 10% discount – the same amount our team members receive – to guests who shop in U.S. stores on Dec. 21 and 22. Again, we recognize this issue has been confusing and disruptive during an already busy holiday season. We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores."
Below is the text of Target's statement updating customers on the investigation and what customers can expect going forward:
We are continuing the process of reaching out to guests across a number of channels including traditional and social media. Also, we have begun notifying, via email, those guests whose emails we have and who shopped in our U.S. stores with a credit or debit card during the period of November 27 and December 15. We expect that all emails will be sent by the end of the weekend.
Related: FAQ on Data Breach
It is very important for our guests to understand that receiving an email from us or a letter from their financial institution is absolutely not an indication that there has been, or will be, fraud on their card.
We continue to experience significantly higher than normal volume to our call centers and REDcard website, causing delays. We are working around the clock to resolve this issue by continually adding capacity both to our call center and technical systems to meet all of our guests' needs. For example, in the last 24 hours we have quadrupled the capacity of our online REDcard account management site.
To date, we are hearing very few reports of actual fraud, but are closely monitoring the situation. We want to reassure guests that they will not be held financially responsible for any credit card or debit card fraud.
A couple of specific questions that have been coming up that we want to be sure are clear:
1. At this time, there is no indication that there has been any impact to PIN numbers. What this means is their bank PIN debit card or Target debit card still has this additional layer of protection. It also means that someone cannot visit an ATM with a fraudulent card and withdraw cash.
2. We have no indication that the data that was inappropriately accessed included a guest' date of birth or social security number.
3. The CVV data that may have been impacted was data in the magnetic strip and NOT the three or four-digit code visible on the card that guests use that would allow someone to make an online purchase.
4. In addition, we have already alerted all of the networks (Visa, MasterCard, Discover and American Express) and provided the affected card numbers of guests who may have been impacted. The networks, in turn, are providing the affected card numbers to the financial institutions of our guests via a "batch" or "CAMS alert." This alert process allows card providers to take steps to enact additional fraud monitoring. For our REDcard holders, in addition to the robust fraud monitoring system we already had in place, we have added additional layers of security and fraud monitoring to their cards.
Related: Target says PIN numbers not impacted