Should you cancel your card? Questions linger following Target breach


A massive data breach that exposed credit and debit card information of 40 million Target customers has many asking how they can protect themselves from identity theft.

Concerned customers overwhelmed Target's call centers, website and social media channels Thursday with inquiries. Many were unable to access Target REDcard accounts online or experienced long wait times over the phone.

Those that used their debit or credit card, both Target-issued and otherwise, at U.S. Target stores between Nov. 27 and Dec. 15 have been advised to check their accounts for unauthorized transactions – a potential consequence of the massive breach.

A Minnesota bank went as far as canceling the debit cards of 180 customers, KARE 11 reports. Wadena State Bank issued new cards to customers whose records showed they used their cards at Target during the three-week period.

In Duluth, bank managers are recommending that affected Target customers do the same.

“The proper step to take is to close that card,” Dale Lewis, president and CEO of Park State Bank, told the Duluth News Tribune.

Experts say customers who used a credit card have more protection from fraudulent use than debit card users, the Chicago Tribune reported – but it's best to err on the side of caution and get a new card.

Mark McCurley, senior information security adviser for Scottsdale, Arizona-based IDT911 Consulting, a company that does data breach prevention and post-breach analysis, told the Chicago Tribune he also used a debit card at Target during the timespan of the breach. He just requested a new debit card and PIN number.

"That's how seriously I'm taking the matter," McCurley said.

Those who choose to not replace cards should monitor statements carefully, as the consequences of the breach could affect accounts months from now.

The Minneapolis-based retailer said Thursday that the data breach was identified on Dec. 15 and subsequently resolved. But how the breach occurred is still being investigated.

The stolen information includes names, card numbers, expiration dates and the three-digit security codes on the back of cards. A Target spokesperson told USA TODAY that there's no indications that debit card PIN numbers were accessed.

Target has not said whether any of its customers have lost money due to the illegal access. The company, however, will likely face hefty fines from card issuers over the breach and spend millions fixing what went wrong.

“Whatever money Target thought they were going to get during the holiday season just got flushed down the data-breach toilet,” John Kindervag, an analyst and data security expert at Forrester, told the Washington Post.

The company can also expect legal fees after a California woman filed a lawsuit Thursday, claiming that Target failed to maintain and implement reasonable security procedures and practices, Bloomberg Businessweek reports. The defendant is seeking class-action status.

Next Up