Massive Card Breach at Target
- December 30th, 2013
Approximately 40 million credit and debit card accounts may have been impacted between November 27 and
December 15, 2013. The large scale card data breach involves both Visa and MasterCard credit and debit
cards. It is our understanding that the compromised data involves the entire magnetic stripe which
includes cardholder name, card number, card expiration date and the CVV/CVC counterfeit protection. Your
credit union continues to monitor the situation and as information becomes available will make decisions
on what actions will be taken to mitigate losses to credit union members and to the credit union. We
suspect that we will receive a list of card numbers from Visa and MasterCard that may have been compromised
and we will take action to cancel those cards and transition them to new card accounts. Your credit union
will make every attempt to contact you prior to disabling your current card. Please ensure we have current
contact information on file.
It is also our understanding that the Target debit “REDcard” magnetic stripe data does not carry the credit
union’s routing or member’s account number. Therefore, your credit union account information should not be
at risk. However, members should continue to monitor your accounts for any unusual activity and notify the
credit union immediately if any suspected fraud is noticed.
Credit Union members should be aware that individuals are trying to take advantage of this situation. The
Federal Trade Commission, in a blog, said that scammers claiming to be from Target are sending out phony
Target e-mails pretending to help those with compromised cards. Instead, the scammers "actually want to
trick you into giving them your personal information. And they are skilled at making the e-mails look real,"
said FTC (OnGuardOnline.gov Dec. 23). FTC advised anyone getting an e-mail claiming to be from Target to do
1. If the e-mail asks for personal or financial information, assume it is a scam. Don't reply. No legitimate
business will ask for personal information through unsecure methods like e-mail.
2. If there are links in the e-mail, don't click on them, even if they seem legitimate. Scammers can use links
to install viruses that direct you to spoof sites that aim to steal information. Hovering over a link can
reveal a deliberately misspelled Web address or a completely different destination. "Your best bet is to type
the URL directly into your browser," FTC said.
The credit union will not ask you to provide information via email. In most cases, our fraud prevention
provider will contact you, via telephone. This could be via an automated call or a representative. You will
be asked that you verify transactions. They will not ask for account information, but may ask for information
to verify that you are the cardholder. This could be by verifying the last 4 digits of your social security
number, the last four digits of your card number, or mailing address. Do not give out your full social
security number or card number. If the fraud prevention provider cannot reach via telephone, you may receive
a letter asking you to contact our fraud prevention provider or the credit union. If you have any doubt
regarding whom you are speaking to, do not provide the information and contact the credit union directly.