No one wants to hear that someone has potentially gained access to his or her credit or debit card, but Thursday morning, Target had to break that bad news to some 40 million customers who shopped at stores between Black Friday and Dec. 15. “We began investigating the incident as soon as we learned of it,” states Target’s press release about the breach. “We have determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code). ” Target’s message came about a week after the website Krebs on Security posted a report about an internal investigation. In addition to saying “we deeply regret the inconvenience this may cause,” Target’s statement also offers some details of that investigation. The retail chain has partnered with a “leading third-party forensics firm” to find out what happened and prevent it from happening again. “Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts,” the statement says. The press release goes on to give contact information for the three credit reporting agencies, the Federal Trade Commission, its own customer service line, and several individual state attorneys general. There’s also an FAQ with questions such as whether Canadian customers should be worried. They shouldn’t; the breach only affected U.S. stores. Online customers were also not affected, only people who shopped in brick-and-mortar stores.
[FREE DOWNLOAD: Keep your cool in a crisis with these 13 tips]
Many of the comments on the company’s Facebook page are from customers who signed up for Target’s own debit card, the REDcard, and seem to be having trouble reaching customer service by phone. Others are asking why Target hasn’t posted anything about the breach to Facebook. Target has responded to a few of those comments with links to its press release. (Image via)