By Jill Jaracz


5 Min. To Read

* Editorial Disclaimer

This post may contain references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. The content or opinions contained within this post come from third party journalists or members of the Editorial Team and are not supplied by any of our partners.

Target has confirmed that it experienced a data breach during the beginning of this year's holiday shopping season that could put a damper on some of its customers' financial information.

The breach started on November 27, just before Black Friday, the busiest shopping day of the year, and it continued through December 15. The breach affected about 40 million credit and debit card accounts, and the customer information affected includes name, credit or debit card number, card expiration date and the CVV on the card.

Target confirmed it was aware of the breach on December 19. In a press release it said that the data breach only affected purchases made in U.S. stores and had been resolved. Target also said it was working with law enforcement and financial institutions on the issue.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," says Gregg Steinhafel, chairman, president and chief executive officer of Target, in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

In the meantime, consumers who made purchases at Target during this timeframe should monitor the activity on any cards they used at Target during this time period. "A concern is that the thieves could attempt to make counterfeit cards, because the stolen data came from the accounts of customers who made purchases by swiping their cards at terminals," says Daren Orzechowski, a partner at the law firm White & Case. Orzechowski focuses on information technology legal matters, including privacy. "Target or the credit card company may have to offer these customers something, such as credit monitoring, to protect them from suffering any monetary losses and to preserve goodwill."

Target says customers can still use credit cards that may have been affected by the breach, although Orzechowski does note that the retailer may have a hard time getting customers to use their credit and debit cards at Target. "Any time an organization finds itself a victim of a data breach, it puts its brands and reputation at risk because it can significantly damage consumer trust," says Orzechowski.

Target also recommends that any customer who used their credit or debit card during the affected period should take precautions to ensure their identity and credit hasn't been impacted. The retailer recommends monitoring the card account for any unauthorized charges. Additionally, the company recommends you monitor their personal credit reports to ensure that no identity thieves capitalizing on the stolen information have opened up unauthorized credit cards or obtained fraudulent loans. You may get a free credit report from each of the three nationwide credit reporting agencies once a year, which you can access through or by calling (877) 322-8228.

If you do find unauthorized activity on your account, report the matter directly to your financial institution. You may also contact the Federal Trade Commission and your local law enforcement to report the incident. If your credit report contains information resulting from a fraudulent transaction, you can ask the credit reporting agency to delete it.

Credit reporting agencies can also put a fraud alert on your file, which makes it difficult for someone to get credit by using your name. While this does protect you, if you're trying to get more credit, the fraud alert could slow down your application. You can also put a security freeze on your file, which means that a credit reporting agency must get your written permission before releasing information from your credit report.

Target has begun an investigation of the incident, which it's conducting with a third-party forensics firm.

Table of Contents