The numbers are staggering.
Some 110 million Target customers were impacted. Neiman Marcus now says 1.1 million of its customer were hit too. (Not to mention the emerging news of a breach at Michaels craft stores.)
People who shopped at Target and Neiman Marcus during the 2013 holiday season were undoubtedly different. The former attracts customers looking for an affordable splurge far up the discount food chain. The latter caters to those looking for nothing less than a luxury retail experience at a store so famous for markups that an urban legend about selling a $250 cookie recipe still persists.
But now the customers of Target and Neiman Marcus have one thing in common. They both unwillingly surrendered a treasure trove of information to hackers.
Card numbers, expiration dates, and 3-digit security codes were pilfered from 40 million people. And the names, mailing addresses, phone numbers, and email addresses of another 70 million were stolen.
All gone with a single swipe.
And now, the aftermath: Customers left worrying about their accounts, sorting through a barrage of phishing emails seeking to further do financial damage.
Where can you turn? What do you need to do next? I've put together this guide to help you.
Watch your statements carefully
If you're among the affected, you need to go through your credit card and debit card statements this month and next month with a fine tooth comb. Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.
Meanwhile, Target has been sending emails informing customers of a free credit monitoring offer for one year in partnership with Experian's ProtectMyID service. While these emails are generally legit, they can easily be copied by scammers masquerading as Target or even as Experian. So I don't want you accessing the offer by email. Instead, go directly to https://creditmonitoring.target.com/ to sign up.
There's been some confusion about what exactly credit monitoring is, especially versus the credit freeze you always hear me talk about. So I want to clear that up.
What is a credit freeze vs. credit monitoring?
Both Target and Neiman Marcus are rolling out offers of free 1-year credit monitoring for affected customers.
Credit monitoring essentially puts fraud alerts on your credit files with the 3 main credit bureaus. These alerts are meant to raise a flag to potential creditors, alerting them to carefully verify an applicant's identity before extending credit. But very often these alerts are ignored.
That's why a credit freeze is superior to credit monitoring.
A credit freeze allows you to seal your credit reports so no new applications for credit can be initiated in your name without your knowledge. When you do a credit freeze with the 3 main credit bureaus, you get a PIN that only you know.
This PIN can be used by you to temporarily "thaw" your credit so that legitimate applications for credit and services can be processed. Without this PIN, a criminal would not be able to establish new credit in your name even if they are able to take over your identity.
Freezing your credit files has no impact whatsoever on your existing lines of credit, such as credit cards. You can continue to use them as you regularly would even when your credit is frozen.
Use an abundance of caution
This is a time when you need to beware of anyone calling or emailing you trying to impersonate Target, Neiman Marcus, or your bank. The cons may ask you to click a link or to verbally confirm additional personal information over the phone.
As stated before, when in doubt, hang up the phone or close out the email. Then call your bank or visit the merchant website to verify the legitimacy of the request.
If you remember one thing, it should be this: Do not click on any links in emails that come related to this breach!
Time to kick debit out of your life?
The reality is customers who used a debit card were hit hardest by this breach. Experts estimate that's going to be about 2 million of us. If you wish to continue using debit in the future, be sure you tie it into a separate account that's only used for debit transactions so only that money is at risk.
You'll also want to see this list of places you should never use a debit card, and this follow-up story with even more trouble spots that we recently ran.
To understand just how bad debit cards are, you first have to look at the consumer protections afforded to credit cards. In a case like this breach where crooks just have your credit card number but not the physical card, normally that means zero dollar liability. In the worst case scenario, your maximum liability would be $50…and some issuers will waive even that.
If you used a debit card though, it's a whole different story. Debit cards are dangerous to your wallet. They don't have the normal protections under federal law offered by a credit card. Our nation's magnetic strip technology undermines our financial safety and makes us a target for hackers.
With a breached debit card, you have only 2 days to notice that money is gone from your account...or else your liability rises to $500. And under some circumstances, your liability with a debit card can be unlimited.
For further reading: