Piffero of Fresno, Calif., was like thousands of other
customers throughout Fresno and the San Joaquin Valley
who used their debit or credit cards for holiday
shopping at a Target store.
to them, hackers had managed to penetrate Targetís
card-payment systems and, over a three-week period in
late November and December, steal data for credit and
debit card accounts, compromising personal information
for as many as 70 million customers nationwide.
news broke about the massive data breach, a nervous
Piffero began closely monitoring her bank account for
funny business ó making sure there were no fraudulent
transactions with her card number.
she received a notice from Golden 1 Credit Union, where
she and her husband bank ó the Sacramento,
Calif.-based credit union "is proactively replacing
all potentially impacted cards" of customers who
shopped at Target between Nov. 27 and Dec. 15.
was a little shocked" by the notice, Piffero said.
"You hear about these card breaches in the news,
and Iíve never really been a part of this before. I
knew this was a large one."
her account information is one of the key things that
data security experts agree customers should be doing in
the wake of the Target fiasco. But others say itís an
even better idea to cancel the potentially compromised
card and ask the bank or credit union to replace it with
a new one.
it isnít a bad idea to replace your card after the
holidays anyway," said Ken Westin, a technology
security researcher and a contributor to Tripwire.comís
"The State of Security" blog. "Credit
cards are promiscuous; they get handled frequently by a
lot of different people, and with each
interaction/purchase, the risk increases.
you add in a major breach like this where that number is
now out in the wild, and it is better to just put that
card out of its misery and get a fresh new one,"
one reason that Golden 1 ó the seventh-largest credit
union in the U.S. ó is reissuing new cards to about
72,000 members. Thatís more than 11 percent of its
651,000 members statewide.
was a pretty easy decision, given that this happened
right at the holidays," said Scott Ingram, a Golden
1 spokesman. "We knew people were going to be more
likely to use their cards during this time, and the risk
of fraud might be higher than at some other time of the
year. That made it important to take quick action."
that action comes at a cost. Ingram estimated that
Golden 1ís expenses to notify its members and replace
cards "is approaching about $400,000 for us at this
point, not counting staff time and overtime."
1 isnít the only financial institution replacing debit
cards. JPMorgan Chase and Union Bank, among others,
report that they are replacing cards that are at risk
for fraud because of the Target breach.
Targetís card-data theft was a large and notable
breach, it was not the only incident last year in which
customersí information was put at risk. The Identity
Theft Resource Center, a San Diego-based nonprofit,
reported that through Dec. 31, almost 620 data breaches
occurred among banks and financial institutions,
businesses, educational institutions, health-care
organizations and government or military agencies.
the ITRCís reckoning, those breaches potentially put
at risk at least 58 million records ó Social Security
numbers, driverís license numbers, medical records or
credit/debit card data ó and possibly many more,
because in most instances the volume of compromised
information is not publicly reported.
know thereís a correlation between data breaches and
fraud or identity theft," said Eva Velasquez,
president and CEO of the ITRC. "About one in four
consumers who are notified of a data breach will
eventually become victims of identity theft."
Target breach put the issue at the forefront of the
publicís attention. Ordinarily, the ITRCís toll-free
telephone call center in San Diego handles about 10,000
calls in a year. But after the Target situation was
reported, "we took 1,100 calls in three days,"
Velasquez said. "That tells you how many people are
paying attention to this.
we had to silver-line this issue, itís that Target is
such an iconic brand and this happened at the holidays,
people are now aware that this is something they need to
pay attention to," she added. "The world we
live in has these very sophisticated electronic
infrastructures, but none of them will be
STORY CAN END HERE)
card data and PINs are at risk in the Target breach,
Velasquez said thereís no indication from Target that
even more critical information, like Social Security
numbers, were compromised. "Thatís the key
component" to fraudsters opening new lines of
credit under someone elseís identity.
telling people to react, but not to panic,"
is encouraging people to closely monitor their bank
accounts for suspicious charges and to work with their
financial institution on what other steps to take,
Velasquez said. "Because this breach involves so
many different methods of payment ó credit cards and
debit cards ó all of these different card issuers, all
these financial institutions have a stake" in
protecting their customers.
because businesses face huge costs when data is stolen.
Ponemon Institute, a data and privacy research firm in
Michigan, reported last year that among companies it
surveyed, the cost of a data breach from a malicious or
criminal attack was estimated at $277 per compromised
record. The institute added that last year was the first
time malicious or criminal attacks made up the most
frequent cause of data breaches ó about 41 percent,
compared to 33 percent from human error or negligence
and 26 percent from system glitches.
the Target shopper, said sheís likely to remain loyal
to the store, where she said she typically shops several
times each month ó including trips to stock up on
holiday decorations and gifts during the three-week data
been back since and will probably still continue to go
to Target," she said. "It could have happened
at any store. It comes with the technology. Ö But it
definitely made me think of all the places where my
credit card information is stored."
customers who are concerned about the card-data breach
can call the company at 866-852-8680 or visit