It’s a credit card holder’s worst nightmare — charges appearing on your account made in another state or online for exorbitant amounts or outlandish items.
It’s a gruesome possibility 40 million Americans woke up to Dec. 19 as last-minute Christmas shopping kicked into high gear. A massive data breach at Target made customers who swiped debit and credit cards at the retailer’s almost 1,800 U.S. stores between Nov. 27 and Dec. 15 vulnerable to fraud.
Customer names, card numbers, card expiration dates and the embedded code on the magnetic strip on the back of the cards were all stolen in the second-largest credit card breach in U.S. history.
The breach came to light only after reports the nation’s second-largest retailer had launched an investigation. Target said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15 and that the problem had been fixed.
It’s a bit disturbing that, while Target did contact authorities immediately, customers were left in the dark for four days. That’s four more days crooks could have been using the stolen data and cash could have been leaving accounts without explanation.
While there may have been security reasons for the wait — experts say such a sophisticated breach may have been an inside job — companies have a responsibility to alert customers ASAP when their personal info has been compromised.
To compound the problem, Target obviously was unprepared for the breach to be made public. The company’s call center was overwhelmed by calls from worried customers, and the Target website could not handle the increased traffic.
Many customers had to wait several days to find out whether they were affected by the breach. Angry card users took to the company’s Facebook page to vent their frustration, and rightfully so.