Your browser version is outdated. We recommend that you update your browser to the latest version.

Massive Card Breach at Target

Posted 12/30/2013

Approximately 40 million credit and debit card accounts may have been impacted between November 27 and December 15, 2013. The large scale card data breach involves both Visa and MasterCard credit and debit cards. It is our understanding that the compromised data involves the entire magnetic stripe which includes cardholder name, card number, card expiration date and the CVV/CVC counterfeit protection. Your credit union continues to monitor the situation and as information becomes available will make decisions on what actions will be taken to mitigate losses to credit union members and to the credit union. We suspect that we will receive a list of card numbers from Visa and MasterCard that may have been compromised and we will take action to cancel those cards and transition them to new card accounts. Your credit union will make every attempt to contact you prior to disabling your current card. Please ensure we have current contact information on file.

It is also our understanding that the Target debit “REDcard” magnetic stripe data does not carry the credit union’s routing or member’s account number. Therefore, your credit union account information should not be at risk. However, members should continue to monitor your accounts for any unusual activity and notify the credit union immediately if any suspected fraud is noticed.

Credit Union members should be aware that individuals are trying to take advantage of this situation. The Federal Trade Commission, in a blog, said that scammers claiming to be from Target are sending out phony Target e-mails pretending to help those with compromised cards. Instead, the scammers "actually want to trick you into giving them your personal information. And they are skilled at making the e-mails look real," said FTC ( Dec. 23). FTC advised anyone getting an e-mail claiming to be from Target to do two things:

  1. If the e-mail asks for personal or financial information, assume it is a scam. Don't reply. No legitimate business will ask for personal information through unsecure methods like e-mail. 
  2. If there are links in the e-mail, don't click on them, even if they seem legitimate. Scammers can use links to install viruses that direct you to spoof sites that aim to steal information. Hovering over a link can reveal a deliberately misspelled Web address or a completely different destination. "Your best bet is to type the URL directly into your browser," FTC said.

The credit union will not ask you to provide information via email. In most cases, our fraud prevention provider will contact you, via telephone. This could be via an automated call or a representative. You will be asked that you verify transactions. They will not ask for account information, but may ask for information to verify that you are the cardholder. This could be by verifying the last 4 digits of your social security number, the last four digits of your card number, or mailing address. Do not give out your full social security number or card number. If the fraud prevention provider cannot reach via telephone, you may receive a letter asking you to contact our fraud prevention provider or the credit union. If you have any doubt regarding whom you are speaking to, do not provide the information and contact the credit union directly.