Target hack: how to know if it hurt you (Updated)

By now, everyone knows that if you shopped at Target and paid by credit card between November 27 and December 15, 2013, you may be vulnerable and a victim of this humongous breach of security.
 

UPDATE: Following this article, I got this email comment from a privacy expert at a law firm:

“A concern is that the thieves could attempt to make counterfeit cards, because the stolen data came from the accounts of customers who made purchases by swiping their cards at terminals,” says White & Case Partner Daren Orzechowski, who focuses on information technology legal matters, including privacy. “Target or the credit card company may have to offer these customers something, such as credit monitoring, to protect them from suffering any monetary losses and to preserve goodwill.”

“Any time an organization finds itself a victim of a data breach, it puts its brand and reputation at risk because it can significantly damage consumer trust,” says Orzechowski. “For retailers, something like this is terrible but they can better navigate the situation if they have a plan and protocol in place to address a breach if and when it happens. The last thing a business wants to do is to scramble to first come up with a remedy after the breach has occurred.” 

Seeing as how the breach happened at the card reader level and the attack was so big and so well coordinated, the responsibility is with Target to deal with this better and to take on the burden of supporting its customers. 

All this advisory crap isn’t cutting it with me. The consumer deserves better.

Apparently, Target’s business is not going to be hurt this holiday shopping season beacause of this. That boggles my mind, too. What’s everyone going to do, pay cash? Should I really trust Target so easily because, the world will end if I don’t buy Christmas crap from one of their stores? 

Man, people are just sheep these days.

Original Story:

Target has said that it is partnering with a third-party forensics firm to shore up its defenses, which is nice, after the fact. Additionally, Target has told the authorities and the credit card companies about everything that they have found out, which is nice, after the fact. But, frankly, the real problem here is that as an individual, if you feel like you may have had your data stolen, your choices are pretty awful.

Let’s be clear. A crime has been committed against you. Possibly. Now, in order to find out what has happened and how to remedy the situation, your options pretty much suck.

For example, Target recommends that you “you should remain vigilant” by reviewing your account statements and monitoring free credit reports. If you are the kind of person who likes to sign up for credit reports on yourself, you’ll know how spammy the services are. Granted, under federal law, you are entitled to one free copy of your credit report every 12 months but, with all this breaching of the paywalls going on, one every 12 months ain’t going to cut it.

Then, as is quite clear in Target’s own release on this issue, if your personal credit card has been compromised, your identity has been stolen and you are in the middle of a s#$%storm, you are now liable for spending an inordinate amount of time fighting the credit rating agencies, who are, my personal opinion here, scum sucking bottom feeders with the power of life or death.

So, let’s say you are willing to go to any one of the credit agencies, Experian, Equifax, or Transunion, and you find that fraud has been committed and your credit is compromised. 

You need to make a formal request to the specific credit reporting agency to delete that information from your credit report file.    

Target suggests:

 

You can add a fraud alert to your credit report file to help protect your credit information.  A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit.  You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above.  As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.  In addition, you can contact the nationwide credit reporting agencies regarding if and how you may place a security freeze on your credit report to prohibit a credit reporting agency from releasing information from your credit report without your prior written authorization.

 

Frankly, this is an inconvenience because, it doesn’t always flow smoothly. Your flagging your own account and even innocuous stuff may be rejected, impacting your ability to get credit, because it doesn’t fit the parameters set by your fraud alert. 

All sounds nice and dandy, but if you decided to electrify the fences around your house and put landmines on your lawn, you may actually blow up the neighbors dog. See how great that analogy is. 

So, putting a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, mortgages, employment, housing or other services. 

Lovely. You are a victim of being a victim. Suck it up, and start fortifying your life.

And here is the list of stuff that you have to provide to get that security freeze put in place. All in writing to each of the three agencies:

 

  • Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  • Social Security number;
  • Date of birth;
  • If you have moved in the past five (5) years, the addresses where you have lived over the prior five years;
  • Proof of current address (e.g., a current utility bill or telephone bill);
  • A legible photocopy of a government issued identification card (e.g., state driver’s license or ID card or military identification);
  • If you are a victim of identity theft, a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft;
  • If you are not a victim of identity theft, payment by check, money order, or credit card (Visa, MasterCard, American Express or Discover only).  Do not send cash through the mail.
  • The credit reporting agencies have three (3) business days after receiving your request to place a security freeze on your credit report.  The credit reporting agencies must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both that can be used by you to authorize the removal or lifting of the security freeze.

 

I could go on and on.

In summary, the data in this particular breach at Target is beyond horrendous: it included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code). So, if someone got it, they have everything they need to screw you over.

Then, once you have been screwed over, you will be further screwed over by the process of dealing with being screwed over because….. you tell me why? This is totally unacceptable in every way. It is unacceptable to get so much data hacked. It is unacceptable that the remedies for people who may be damaged are so ridiculous.