Call centers, website swamped after data breach that put millions of cards at risk.
Anxious consumers besieged Target Corp. on Thursday after the company acknowledged that hackers may have gained access to credit and debit card information from 40 million shoppers.
The swarm of people who tried to access their Target Redcard account information online or who called customer service overwhelmed the company’s systems, piling frustration on top of the questions surrounding the brazen attack.
Target confirmed early in the day that a data breach had potentially exposed card information from shoppers who made purchases in the company’s nearly 1,800 U.S. stores between Nov. 27 and Dec. 15. Online transactions weren’t affected, the company said.
The Minneapolis-based company said it took immediate steps to eliminate the problem once it was identified. The company didn’t provide any explanation for how it happened, but a person familiar with the investigation said that malicious software was placed on Target’s point-of-sale terminals near store registers, where customers swipe their cards.
Target spokeswoman Katie Boylan said the company’s investigation is continuing. “This is obviously a sophisticated crime that we’re dealing with,” Boylan said.
A range of credit cards, including Visa, American Express and Target’s own Redcard, were likely exposed, although the extent of the impact is far from clear.
Thieves accessed customers’ names, credit and debit card numbers, card expiration dates and CVVs, the card verification value that shoppers know as the three-digit security number typically displayed on the back of their cards.
Boylan declined to answer questions about whether Target knows of customers who have seen fraudulent charges made on their cards as a result of the breach, which was disclosed by computer security blogger Brian Krebs on Wednesday.
She also declined to make one of Target’s payments experts available to answer questions about how the attack occurred.
Target is working with an unidentified third-party forensics company to investigate the attack. “We’re putting all of the appropriate resources on this issue,” Boylan said.
The Secret Service is also investigating the breach but won’t release any details of its probe, said spokesman George Ogilvie in Washington. The Secret Service investigates instances of device fraud, such as compromised ATMs and cyberintrusions, Ogilvie said.
Major card issuers such as Wells Fargo & Co. and Capital One Financial Corp. issued statements Thursday reminding cardholders that they are not responsible for fraudulent activity on their cards.
Caller gets a busy signal
Boylan said Target was experiencing a significantly higher volume of customer calls than normal because of the security breach, as well as heavier traffic to the Redcard portion of its website. The company was adding people and system capacity to address the delays, she said.
Kevin Hale, a retired dental technician in Wood Dale, Ill., said he called Target when he wasn’t able to access his Redcard account to check for suspicious activity. He got a busy signal.
Hale said he wanted some peace of mind since he used his Target card recently to buy groceries.
“I’m only concerned because I did shop there during the period” of the security breach, he said.
Scott Mayer of Minneapolis said he was a victim of the data breach. He shopped at Target on Thanksgiving, and his credit card company notified him of a fraudulent purchase made at a Best Buy in Seattle a few days ago.
Mayer said he wouldn’t be leery about using a credit card at Target again, however.