Target’s Data Breach: What to Do Right Now to Protect Your Credit

Late last week the newswires lit up with news about the retailer Target being breached by overseas hackers.

Between November 27^th and December 15^th at least 40 million customers who bought something at Target using a credit or debit card had their payment method data breached.

And while this isn’t the first (or last) major data breach, it’s certainly one of the largest.

Normally I’d advise restraint by avoiding knee jerk reactions like closing a bunch of credit and debit card accounts. But, in this case I’m advising just that.

So, when you get done reading this those of you who used your credit or debit cards at a Target store from November 27^th until December 15^th (and there are some 40,000,000 of you) should call your financial institution and close your card and ask for a replacement.

Your data is currently being marketed at underground websites that sell stolen payment information data to fraudsters.

This is very unusual as fraudsters usually hack databases as either a show of strength (and never use the data for anything) or they steal the data and then disappear for many months or years until the heat has subsided before they do anything with it, like use it or sell it.

Not this time. It looks like the data was immediately listed for sale on the so-called “underground” black markets.

The data being sold includes account numbers belonging to credit card and debit card accounts.

And if you entered a PIN with your transaction, then you should assume that has been compromised as well.

Walk away from reading this with the impression that your data is at great risk, because it is.

Should I freeze my credit reports?

Thankfully, the type of fraud that is occurring is what’s referred to as “account take over”, which is different than true-name fraud.

The data that was compromised is not personal identification information, so the hackers cannot go out and apply for credit in your name.

As such, buying credit monitoring services isn’t really necessary because new accounts aren’t going to be opened in your name as a result of the Target breach.

But, having said that, monitoring your credit reports isn’t a bad idea.

Freezing your reports is the best most proactive way to protect your credit reports.

A credit freeze, also called a “security freeze”, take your credit files out of circulation so that no new lender may access your reports or scores for the extension of credit.

If you’ve been a victim of fraud, then the security freeze is free. If you have not, then the cost is pretty minor relative to the value.

In some states it’s a $3 flat fee per credit report. It’s money well spent.

Calm Down!!

For those of you who haven’t bought into the “credit cards are evil” nonsense you’re sleeping well tonight because of the considerable protections you’re enjoying.

The Fair Credit Billing Act limits your liability of credit card fraud to no more than $50.

And, the major credit card networks go above that limitation by having policies that waive even the first $50.

So, you’re not going to lose a dime because of this fiasco.

All of you debit card users who shopped at Target during the exposure time frame, the news isn’t as good for you.

Your data has been stolen and your liability is capped at a whopping $500 of your money thanks to the Electronic Funds Transfer Act.

Be sure to check your activity online because if you’ve been a victim then other transactions may not clear because of the lack of funds.

That could cause overdraft fees because of the bounced checks. This is yet another reason why credit cards are far superior to debit cards.

John Ulzheimer is the Credit Expert at CreditSesame.com, and a credit blogger at SmartCredit.com, Mint.com, and the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry. The opinions expressed in his articles are his and not of Mint.com or Intuit. You can follow John on Twitter here.