It’s a credit card holder’s worst nightmare — charges appearing on your account made in another state or online for exorbitant amounts or outlandish items.
It’s a gruesome possibility 40 million Americans woke up to Dec. 19 as last-minute Christmas shopping kicked into high gear. A massive data breach at Target made customers who swiped debit and credit cards at the retailer’s almost 1,800 U.S. stores between Nov. 27 and Dec. 15 vulnerable to fraud.
Customer names, card numbers, card expiration dates and the embedded code on the magnetic strip on the back of the cards were all stolen in the second-largest credit card breach in U.S. history.
The breach came to light only after reports the nation’s second-largest retailer had launched an investigation. Target said it immediately told authorities and financial institutions once it became aware of the breach on Dec. 15 and that the problem had been fixed.
It’s a bit disturbing that, while Target did contact authorities immediately, customers were left in the dark for four days. That’s four more days crooks could have been using the stolen data and cash could have been leaving accounts without explanation.
While there may have been security reasons for the wait — experts say such a sophisticated breach may have been an inside job — companies have a responsibility to alert customers ASAP when their personal info has been compromised.
To compound the problem, Target obviously was unprepared for the breach to be made public. The company’s call center was overwhelmed by calls from worried customers, and the Target website could not handle the increased traffic.
Many customers had to wait several days to find out whether they were affected by the breach. Angry card users took to the company’s Facebook page to vent their frustration, and rightfully so.
In the days since the announcement, Target has done a better job in setting things right, giving card holders detailed instructions of what they should do and plenty of options for resolving suspicious charges.
Financial institutions, including at least one local bank, have also been quick to provide excellent customer service, realizing what a delicate matter canceling cards, and thus cutting off access to funds, can be.
The entire matter is a lesson in the dangers of the credit card age — and a good reminder that carrying cash may not be such a bad thing.
In summary Target's response to the data breach that made its customers vulnerable should have come sooner, and the company should have been more prepared.