UPDATE: Posted December 30, 2013
On December 27, Target issued a statement confirming that strongly encrypted PIN data was also stolen in the breach that was first announced on December 19. The following statement was posted on Target's website regarding this latest development: "We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."
"Due to how the encryption process works, Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident."
According to Target.com, customers whose REDcard debit cards were affected may change their card's PIN for added protection against fraud. Read Target's FAQ
Dupaco members whose cards were affected have or will receive new cards. If a member should want their PIN changed, they should contact Dupaco.
ORIGINAL STORY: On December 19, Target Corporation released information about a data breach that may have impacted their customers making credit or debit card purchases in their U.S. retail stores. The retailer said credit or debit card numbers of approximately 40 million Target customers may have been exposed between Nov. 27 and Dec. 15, 2013. Read Target’s statement
PLEASE NOTE, Dupaco member information is and always has been secure, and there HAS NOT been a breach of Dupaco’s systems. Dupaco will reissue debit and or credit cards to those members affected by the Target stores data compromise. Read more
Dupaco advises all members to carefully monitor transactions to their accounts, especially those members who have made purchases at Target between Nov. 27 and Dec. 15. If you find unauthorized transactions on your account, contact Dupaco at 800-373-7600 / (563) 557-7600 immediately to report the issue.
To protect your accounts and your identity, Dupaco recommends members take the following precautionary measures:
- Monitor your bank account statements. Use online banking to regularly check account activity if possible. Report any suspicious activity to Dupaco immediately.
- Set up eNotifiers through Dupaco’s Shine Online Banking to stay on top of account activity. Transaction and balance alerts, along with the eView (daily summary of all account activity) are particularly helpful in identifying potential fraud. eNotifiers can be received via text or email, and can be customized.
- Monitor your credit card statements, and medical statements to ensure there are no charges or claims that are not yours. Notify your creditors or insurance company of suspicious activity immediately.
- Contact the three credit reporting companies and place a fraud alert on your credit file if you know you’ve been victimized by fraud: Equifax 1-800-525-6285; Experian 1-888-397-3742; TransUnion 1-800-680-7289.
- Monitor your credit report to ensure there hasn’t been any fraudulent credit opened in your name. Request your credit report from each of the three credit bureaus – by law, you are entitled to one free credit report from each bureau every 12 months. You can make the request via phone using the numbers above or online at www.annualcreditreport.com.
- When the organization that lost or leaked your information lets you know about the breach, they can further explain your options.
Careful monitoring of account activity is key to identifying and fighting fraud.