Posted at: 12/18/2013 10:41 PM
Updated at: 12/19/2013 12:26 PM
MINNEAPOLIS (AP) - Target says it's fixed the problem that allowed credit and debit card information on as many as 40 million accounts to be stolen. It says credit card holders can continue to shop at its stores.
But the chain also says customers should check their statements carefully for unauthorized charges.
Customers who see suspicious activity in their accounts are being told to call Target at 866-852-8680.
The accounts at risk are those of customers who swiped their cards at stores in the U.S. between November 27th and December 15th. The breach didn't affect online purchases or Canadian stores. The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.
Target isn't saying exactly how the data breach occurred. It says it's working with a third-party forensics firm to investigate it, and to prevent future breaches.
Target's stocked dipped about two percent in this morning's trading.
Here are some answers to the most common questions about the theft:
Q: I shopped at Target during that time. What should you do?
A: Check your credit card statements carefully. If you see suspicious charges, report the activity to your credit card companies and call Target at 866-852-8680. You can report cases of identity theft to law enforcement or the Federal Trade Commission.
You can get more information about identity theft on the FTC's website at www.consumer.gov/idtheft, or by calling the FTC, at (877) IDTHEFT (438-4338).
Q: How did the breach occur?
A: Target isn't saying how it happened. Industry experts note that companies such as Target spend millions of dollars each year on credit card security, making a theft of this magnitude particularly alarming.
Avivah Litan, a security analyst with Gartner Research, says given all the security, she believes the breach may have been an inside job.
Litan says Target's breach suggests that current security standards aren't working.
"It's really a wake-up call to the banking industry, but they never seem to wake up," she said.
James Lyne, global head of security research for the computer security firm Sophos, says something clearly went wrong with Target's security measures.
"Forty million cards stolen really shows a substantial security failure," he says. "This shouldn't have happened."
Q: Why is the Secret Service investigating?
A: While it's most famous for protecting the president, the Secret Service also is responsible for protecting the nation's financial infrastructure and payment systems. As a result, it has broad jurisdiction over a wide variety of financial crimes. It isn't uncommon for the agency to investigate major thefts involving credit card information.
Online: Target response
(Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)