For some Target (TGT) customers, the nightmare is just beginning.
With Target's security breach, thieves didn't stop at swiping payment card numbers belonging to 40 million customers. Criminals also stole data, such as addresses and emails, for up to 70 million Target shoppers. Unfortunately, the data breach may end up creating a bigger headache if criminals use it for identity theft, as one woman recently discovered.
Lauren Campbell, a dermatologist in Texas, told CBS station KHOU-TV that after her data was stolen in the Target hack, a thief or thieves applied for cards in her name, buying everything from toys to diamond rings.
While fraudulent credit-card charges are bad, identity theft such what Campbell experienced can potentially be much more damaging. Clearing up cases of false identity can be time-consuming and challenging, given that victims may need to file a police report, plus contact the Federal Trade Commission and the fraud units of the three credit reporting agencies.
Campbell told KHOU that she received an American Express card in her name, but that it was clearly fraudulent: the thief’s photo, that of a woman unknown to her, was shown on the reverse side.
“That someone is running around pretending to be me, using my name to commit crime, that really bothers me,” Campbell said. She added, “I like how she sprang for an executive card. That was a nice touch.”
With cases of identity theft such as this, many victims never find out about the bogus accounts until they’re contacted by bill collectors about outstanding balances they know nothing about, according to the FTC.
For identity theft victims who receive collection notices, they must dispute all or part of the debt within 30 days of receiving a notice, the FTC notes.
Authorities arrested two Mexican citizens this week, alleging they used cards that contained the account information of South Texas residents. The alleged criminals, 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez, were found with 96 cloned or counterfeit cards under their clothes, which authorities said were made from data stolen during the Target breach.
What should victims do to protect themselves? First, it’s important to continue checking your cards for fraudulent charges, even small items. Thieves often place a small charge to test if a card is viable.
Next, consider taking up Target on its offer for free credit-monitoring for victims, which can be accessed here. At the same time, be wary of “phishing” scams, where criminals purport to be a bank or trusted institution and ask for your password.
Still, since Target is reaching out to consumers via email, it’s causing confusion given the warnings about phishing.
“Target's email directed me to a page, VIA A LINK, that asks for my full name and email address. But on the page it takes you to, at the top of the list of things to look out for it states: ‘Be wary of calls or email scams that may appear to offer protection but are really trying to get personal information from you,” one confused shopper wrote on Target’s Facebook page. “So is the email I got a scam?”
The company has posted its emails and communications at a website dedicated to the data breach, so that consumers can check if an email was valid.
Remember to change your passwords, and don’t use simple ones like “1234.” A recent study from password management company SplashData found the top three passwords of 2013 were “123456,” “password” and “12345678.” Those types of easily guessable passwords should be avoided at all costs.