NEW YORK (CNNMoney) — If you’ve given Target your name, email, phone number or address — keep reading.
The data breach at Target was significantly broader than originally reported: The company said Friday that 70 million customers had information such as their name, address, phone number and e-mail address hacked in the breach.
Target said the personal data stolen could affect its past shoppers — not just those who have visited the store recently.
Customers who shopped in the weeks following Thanksgiving may have had credit or debit card information stolen, with as many as 40 million people affected.
Target said it would try to reach customers for whom it has e-mail addresses to inform them of the breach. It cautioned that it would not ask customers to provide any personal information and warned customers not to respond to any e-mail claiming to be from Target.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Target CEO Gregg Steinhafel.
Customers will not be liable for the cost of any fraudulent charges. Target is also offering one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores. Customers will have three months to enroll in the program.
Experts suggest that customers who used debit or credit cards at Target between Nov. 27 and Dec. 15 should contact their card issuer and get a new card with a new account number. They should also change their PIN and monitor their account carefully for any questionable purchases.
The data breach doesn’t necessarily mean that thieves can gain access to customers’ bank or credit card accounts. But it does put them at greater risk for identity theft. There is also a risk that thieves can use the information to try to create new accounts in a customer’s name.
Target also said Friday that holiday sales fell sharply after the hacking news. Sales at stores open at least a year fell between 2% and 6% after the announcement. The company also said that the costs related to the hacking will hurt earnings.
Target also announced it will close some U.S. stores in May of this year due to their financial performance.
Be on your guard, and follow the following advice from financial experts:
- Now that the criminals have three ways to contact you, expect to get fake phone calls, emails and letters in the mail. They’ll be asking for your personal information and telling you to click on links. Don’t do it, even if it looks official.
- Instead, take the advice of NTT Com Security consultant Chris Camejo and go directly to the source. If a person calls you, claims to be with your bank and says you’ve been affected by the Target hack, hang up. Then call the bank number on your credit card to resolve the issue.
- Similarly, if you get an email that seems official, don’t click on any links. If it claims to be Target, just go to Target.com/databreach. Target is posting all true communication with customers there. If it claims to be your bank or anyone else, ignore the email and go straight to the Target website. Type in the address yourself.
- Ditto with paper mail scams. Don’t answer them.
- Make calls: Don’t wait for a phone call from Target, a bank or a credit card company. Contact them yourself and let them know you’ve shopped at Target and are at risk for fraud. They might just issue you a new card or PIN as a precaution.
Target has set up a phone line (866-852-8680) for customers who suspect unauthorized activity on their accounts.
- In the meantime, also check your recent bank and credit card statements. Look for charges you don’t recognize. Be eagle-eyed for tiny charges; criminals are known to test a stolen credit card by spending just a few cents before charging it with much more.
- Sign up for fraud monitoring: This is the best way to keep an eye on your finances. In the next three months, Target is offering one year of free credit monitoring and identity theft protection to anyone who has shopped in their U.S. stores.
- Review any website that keeps your credit card: The worst part about Friday’s revelations is that criminals are now armed with even more information. If they have your email and credit or debit card information, they could pose as you on certain websites.
Some online services and marketplaces allow hackers to bypass your password if they know the last four digits of your payment card.