If you’re one of the 40 million people who used your credit or debit card at any Target (NYSE: TGT) stores between the day before Thanksgiving and last weekend, your personal information may have been compromised in the retail giant’s massive security breach. But how could you tell if you were a victim?
On Thursday, the Minneapolis-based company confirmed that it is “aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores” over a 19-day stretch.
“We regret any inconvenience this may cause,” Target CEO Gregg Steinhafel said in a statement. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target said 40 million credit and debit cards that were swiped in its 1,800 stores -- only in brick-and-mortar stores and not online -- between Nov. 27 and Dec. 15 “may have been impacted” in the data breach, in which information including customer names, card numbers, expiration dates and three-digit security codes was stolen.
Target advised its consumers to “remain vigilant for incidents of fraud and identity theft by regularly reviewing their account statements and monitoring free credit reports.”
Continue Reading Below
But how do you check if your debit or credit card information was compromised, and what should you do now, whether your account has been compromised or not?
1. Check your statements
The obvious first step is to check your debit card activity or credit card statements for any purchases you have not personally made. Target also recommended this step to its customers, writing: “We recommend that you closely review the information provided in this letter for some steps that you may take to protect yourself against potential misuse of your credit and debit information. You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports.” Comb through your statements with extra care and record any suspicious transactions.
2. Sign up for fraud monitoring
If you’re lucky enough to have gotten through the ordeal unscathed, experts recommend signing up for fraud monitoring services through your bank or credit card company, which are typically free. For example, Bank of America has Total Security Protection free with all consumer and debit cards.
3. Report fraud
If your account has been compromised in any way with unusual or suspicious activity or purchases, immediately report it to your bank or credit card company. You should also report it to the Federal Trade Commission (FTC) to protect yourself from identity theft. Visit the FTC’s web site, at www.consumer.gov/idtheft or call the FTC at (877) IDTHEFT (438-4338).
4. Sign up for fraud alert
Again, if your account has fallen victim, signing up for a fraud alert on your credit report can ensure extra security against identity thieves. The service, which is typically free for 90 days, protects your identity for issuing new credit, loans or accounts in your name. Here are three national credit reporting agencies: Equifax.com (800) 525-6285; experian.com (888) 397-3742; and transunion.com (800) 680-7289.
5. Cancel your card
While it may be an extreme measure, a fraud analyst told NBC News that it’s better to be safe than sorry when it comes to identity fraud. "If it was my debit card, I would probably cancel it," Avivah Litan, a fraud analyst at technology research company Gartner, told NBC Business. "I don't like anyone going into my bank account."
6. Contact Target
Target said its customers are “top priority” and should “not hesitate” to contact the company directly regarding issues related to the security breach by phone at 866-852-8680 or via the Target website.
7. Contact law enforcement
Residents of Iowa, Maryland, North Carolina or Massachusetts who have fraudulent activity on their accounts and shopped at Target during the time of the breach should contact law enforcement or their state’s Attorney General. Target has the information for those individual states on its website.