Target data breach hits home as some local shoppers get new debit cards

Last modified: Tuesday, December 31, 2013

NORTHAMPTON — Imagine Sharon Asher’s surprise last week when she learned that someone tried to use her debit card information to book a hotel room in China, not to mention hundreds of dollars’ worth of other charges from “strangely named” places.

Only one of the transactions — a $179 charge to a business in California — went through before a security firm hired by Asher’s bank, Florence Savings Bank, flagged the suspicious activity and put a hold on the account.

“I’ve never had this happen before,” Asher said.

Unbeknownst to them, Asher and her husband, of Hatfield, were among the many victims of a holiday-season security breach at Target in which hackers stole information on about 40 million credit and debit card accounts used for in-store purchases. The breach included customer names, credit or debit card numbers, expiration dates, security codes, and, as the retail giant announced last Friday, PIN numbers.

Asher used her debit card to make a $25 purchase at Target’s Hadley store on Dec. 21. She thought the transaction would be safe because it came outside the dates of the Target breach, which the company said occurred between Nov. 27 and Dec. 15.

“We heard about the breach at Target, but we didn’t think we needed to take any action,” Asher said.

By no means are the Ashers alone. That’s why at least two local banks have decided to reissue debit cards to any customer who shopped at Target during the breach’s 18-day window, whether or not their accounts show suspicious activity.

Florence Savings Bank mailed notices to 3,000 customers last Friday according to Monica Curhan, the bank’s marketing director. While the bank is confident in its fraud detection system’s ability to identify and alert suspicious activity on customers accounts, Curhan said bank officials aim to make sure customers feel more secure knowing they have new cards with new account numbers.

“We wanted to do what was in the best interest of customers,” Curhan said.

The debit cards will be reissued Jan. 7 and in customers’ hands by Jan. 15. Existing PIN numbers will remain the same.

PeoplesBank of Holyoke has also decided to issue new debit cards to any customer who shopped at Target. That amounts to about 10 percent of the bank’s cardholders, though the bank declines to say how many customers that is, said Sue Wilson, first vice president of corporate responsibility. Wilson said not all of those customers experienced fraudulent or suspicious activity on their accounts, but the bank decided to replace the cards as a service.

“We felt that they would feel more secure with a new card,” Wilson said. “It was just the right thing to do. We want to remove any doubt that something is happening in their account.”

The bank has already notified cardholders by mail, and customers who have not already replaced their cards at a bank branch should receive their new cards next week.

Security officials both Florence Savings and PeoplesBank said customers can use their debit cards until they get new cards, because the bank’s security systems will continue to monitor card activity and suspicious transactions. Customers are always advised, however, to monitor their accounts for potential fraudulent activity or charges they don’t recognize, said Michelle Lawrence-Bennett, Florence Savings’ vice president of security operations.

“There’s always a threat and people should be looking at their accounts on a regular basis for suspicious activity,” Bennett said.

PeoplesBank offers similar advice, and has been encouraging its customers to sign up for account alerts that enable them to be notified by email or text when transactions occur on their accounts.

“It’s a way to be in constant touch with their accounts,” said Aleda Amistadi, first vice president of operations.

Florence Savings is crediting customers’ accounts for charges stemming from the Target breach, though the bank’s security software is catching a lot of the charges before they process, said Cheryl Scully, director of operations and technology.

Several other banks are advising customers to closely review their accounts, though they have not announced plans to reissue cards en masse. Easthampton Savings Bank, for example, posted a notice on its website Dec. 19 advising customers to closely review their accounts at all financial institutions for incidents of fraud and to call the bank if suspicious or fraudulent activity is discovered. The UMass Five College Federal Credit Union and People’s United Bank posted similar notices on their websites.

Curhan, of Florence Savings, sought to assure customers that it remains safe to use a debit card. While acknowledging that the Target breach was extensive in scope, the number of times hackers are successful in massive breach attempts remains small thanks in large part to investments by banks in security systems.

“Debit cards are still the most convenient way to conduct business,” Curhan said.

It’s been nearly five years since credit card processor Heartland Payment Systems was hacked, exposing 130 million credit and debit cards, and eight years since Marshalls’ and TJ Maxx’s parent company, TJX, was hit with a breach that affected 94 million customers.

Meantime, Target confirmed Friday that debit card PIN data was stolen in its recent breach, reversing its earlier stance that the codes were not part of the hack. The retailer believes the PINs remain secure because they are encrypted and were never stored on Target’s systems in plain text.

Sharon Asher said she is pleased that Florence Savings Bank has been proactive in protecting its customers, and she advises anyone who visited a Target to be just as proactive.

“I would go get a new card,” she said. “Why wait until someone steals something from you?”

In the wake of the Target breach, state Attorney General Martha Coakley offered the following ways consumers can protect their information against identity theft:

∎ People who shopped at Target during the breach’s time frame should review and monitor credit and debit card information for the next one to two years for any unauthorized activity. Anyone who notices irregular activity or charges is advised to report them to the credit card issuer immediately.

∎ Order a credit report copy and look for unauthorized activity. People are entitled to one free credit report per year.

∎ Call one of the three major credit bureaus — Equifax, Experian or TransUnion — and place a one-call fraud alert on credit reports. If one of these credit bureaus are notified, they are required by law to notify the other two. The one-call fraud alert remains for three months.

∎ Place an extended fraud alert on credit reports if there is unexplained activity. This alert can be placed on a credit file for a seven-year period. In order to do this, a person will need to file a police report with a local police department and provide a copy to one of the three major credit bureaus.

∎ Contact the fraud departments of credit card issuers or banks to let them know about purchases made at Target stores. These financial institutions can monitor accounts for suspicious activity.

Additionally, Target has established a toll free customer help line. Callers from the United States may reach the help line at 866-852-8680. Target has also posted information on its website.


Daily Hampshire Gazette Office

115 Conz Street
Northampton, MA 01061


Copyright © 2019 by H.S. Gere & Sons, Inc.
Terms & Conditions - Privacy Policy