Credit data breach at Target could affect thousands in South Carolina

Shoppers enter the Target store in Summerville on Thursday. Target Corp. has advised customers to check their credit card statements carefully after a security breach. Buy this photo

James Island resident Nicole Zell and her husband shop at Target on average once a week.

How you can fight fraud

If someone makes fraudulent charges on your credit card account, your liability under federal law is limited to $50. Many credit cards have a zero-liability policy, so those companies have more to lose than you do. Debit cards can expose you to greater liability, and can potentially be used to drain your bank account.

Reviewing your credit reports annually is a good way to protect your credit and your identity, and by federal law you can review your credit reports at no charge once a year by visiting www.annualcreditreport.com or calling 877-322-8228.

Report any suspicious transactions immediately. If you want to go a step further, you can place a fraud alert with credit reporting agencies.

A 90-day fraud alert tells potential credit issuers to take additional steps to confirm your identity. A fraud alert can be extended to seven years, but only if you have been a victim of identity theft and can provide a police report. To establish a 90-day fraud alert, call Equifax at 800-525-6285, Experian at 888-397-3742 or TransUnion at 800-680-7289. You only have to call one of them, because the other two will be notified as a result.

When she heard the nationwide retailer had experienced a data breach affecting as many as 40 million credit and debit cards, she took it in stride as another risk of being a consumer in 2013.

"I think it's going to happen more often," she said outside the retailer's West Ashley location at Citadel Mall. "I think it's going to happen a lot in the future."

The chain reported this week that accounts of customers who made purchases by swiping their cards in its U.S. stores between Nov. 27 and Dec. 15 - the prime Christmas rush - may have been exposed.

The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. The data breach did not affect online purchases.

The breach affected all cards, including Target store brand cards and such major card brands as Visa and MasterCard.

Thousands of South Carolinians are potentially at risk. The company's website lists 19 sites in the state, with four in the Charleston area.

But South Carolina residents may be see a degree of protection if they enrolled in the protective feature tied to the state Department of Revenue breach from a year ago.

According to the state's coverage provider - CSID - taxpayers who enrolled in CSID's free identity protection service will have layers of protection "should fraudulent activity take place as a result of the Target data breach."

"Covered South Carolina taxpayers that have provided their credit card numbers to be monitored will receive an alert if we find that this information has been exposed or bought/sold on the online black market," the company said in a statement Thursday.

The CSID coverage also alerts users if other elements of their identity have been compromised, beyond just a credit card, the company said. It encouraged taxpayer enrollment to continue.

Target said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate and prevent future breaches. It said it is putting all "appropriate resources" toward the issue.

Target Corp. advised customers to check their statements carefully. Those who see suspicious charges on the cards should report it to their credit card companies and call Target at 866-852-8680.

Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission.

Target didn't say exactly how the data breach occurred, but said it had since fixed the problem and that credit card holders can continue shopping at its stores. When asked whether there's a certain time when shoppers know their accounts will no longer be vulnerable, a Target spokeswoman said, "We encourage everyone to be vigilant."

The timing of the breach is considered crucial since the November and December period accounts for 20 percent, on average, of total retail industry sales.

The issue is particularly troublesome for Target because it has used its red-branded credit and debit cards as a marketing tool to lure shoppers with a 5 percent discount.

Target is just the latest retailer to be hit with a data breach. TJX Cos., which runs stores such as T.J. Maxx and Marshall's, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn't detected until December 2006. In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.

An even larger hack hit Sony in 2011. It had to rebuild trust among PlayStation Network gamers after hackers compromised personal information, including credit card data on more than 100 million user accounts. Sony was criticized for slowness in alerting users to the breach.

Those who monitor the credit industry say the strongest advice is for consumers to keep watch on their statements for activity that isn't familiar. Also, that the exposure may be troublesome enough that Target might have to launch its own consumer protection effort.

"Any time an organization finds itself a victim of a data breach, it puts its brand and reputation at risk because it can significantly damage consumer trust," said Daren Orzechowski, of White & Case, which focuses on information technology legal matters, including privacy.

"Target or the credit card company may have to offer these customers something, such as credit monitoring, to protect them from suffering any monetary losses and to preserve goodwill," he said.

Reporting by The Associated Press was included in this story. Reach Schuyler Kropf at 937-5551.

Comments { }

Postandcourier.com is pleased to offer readers the enhanced ability to comment on stories. We expect our readers to engage in lively, yet civil discourse. Postandcourier.com does not edit user submitted statements and we cannot promise that readers will not occasionally find offensive or inaccurate comments posted in the comments area. Responsibility for the statements posted lies with the person submitting the comment, not postandcourier.com. If you find a comment that is objectionable, please click "report abuse" and we will review it for possible removal. Please be reminded, however, that in accordance with our Terms of Use and federal law, we are under no obligation to remove any third party comments posted on our website. Read our full Terms and Conditions.