Target Corporation confirmed on December 19, 2013 that approximately 40 million of their customers’ credit and debit card accounts may have been compromised. The unauthorized access occurred between November 27 and December 15, 2013, meaning anyone who shopped at Target and used a payment card during this time period may be at risk for fraud.
It’s never fun to receive a breach letter in the mail. Out of nowhere, you’re informed that through no fault or ill-advised action of your own, your personally identifying information (PII) has been compromised and may have been exposed for all the world to see. This can cause panic on the part of the consumer. As we at the ITRC often see firsthand, in addition to being scary, it can confound and confuse. What information was exposed? What does this mean? Am I a victim of identity theft? What should I do now?
The Identity Theft Resource Center has been receiving hundreds of calls regarding a specific data breach notification letter from a debt collection law firm in the state of Florida. The letter was sent to people who may have had their personally identifiable information (PII) exposed, detailing the cause of the exposure, the firm's response, and some tips for people to protect themselves.
Recently, Barnes and Noble discovered that criminals stole customers' credit card information who shopped at over 60 stores located across the United States. States affected by the breach include California, New Jersey, New York, Pennsylvania, Rhode Island, Illinois, Massachusetts, Connecticut and Florida. It is not clear exactly how the hackers infiltrated the Barnes and Noble payment systems, but it was determined that the PIN pad devices that customers will swipe and enter their pin number into were the culprits.
As an organization specializing in monitoring and tracking data breaches, the ITRC has come across varying degrees of breaches and reasons for notification due to the varying types of compromised information. We would like to take this opportunity to address some of the differences and provide some insight into our approach for tracking data breach incidents.