Target Corp. on Saturday said it has been aggressively pushing messages to its consumers on Facebook and Twitter and will continue to do so in the coming days. The messages contain tips consumers can take following the data breach impacting Target stores. The retailer began reaching out to customers whose e-mails it has on file and to consumers it knows shopped between Nov. 27 and Dec. 15, when the breach occurred.
Target on Thursday confirmed that a major data breach occurred between those dates, which includes many of the most important shopping days of the year.
“It is very important to our guests to understand that receiving an e-mail from us or a letter from their financial institution is absolutely not an indication that there has been or will be fraud on their card,” Target said.
The unauthorized access to payment card data may have impacted 40 million shoppers making credit and debit card purchases in U.S. Target stores. Online transactions appear to be unaffected.
The Minneapolis-based retailer said it’s working closely with law enforcement and financial institutions and has “identified and resolved the issue.”
Target is stepping up its campaign to reach customers via social media to convey the message that shoppers “will bear absolutely zero liability for any charges that they didn’t make.”
Target is providing free fraud monitoring to all impacted guests.
Target offered a 10 percent discount to guests who shopped in U.S. stores on Dec. 21 and 22.
William F. Pelgrin, president and ceo of the Center for Internet Security, said, “If the breach was a point-of-sale attack, there are any number of ways it might have occurred, including someone falling prey to a phishing scam; a system misconfiguration, including hardware and software; exploitation of other weaknesses, or the human element, such as malicious insider or inadvertent error.” He added, “We don’t have any knowledge about Target’s technology infrastructure or security. The key is to identify weaknesses and mitigate those weaknesses to prevent a recurrence of a data breach.”