Target is warning shoppers to beware of phony consumer-protection emails and text messages, sent by thieves trying to trick consumers into revealing Social Security or account numbers.
As Christmas Day neared, Target was still coping with aftershocks from the data theft of up to 40 million credit and debit card accounts, revealed last week. On Monday, the Minneapolis-based discounter:
-- Warned consumers to "be wary of calls or email scams that may appear to offer protection but are really trying to get personal information from you."
-- Took a huge hit on its reputation, far more severe than the damage caused by similar large-scale breaches, according to a consumer survey released by YouGov BrandIndex.
-- Confirmed that the massive breach was due to "malware that affected Target's point-of-sale systems," the card-scanners that accept and relay card information.
-- Said the Department of Justice is investigating the security breach. The DOJ declined to comment. The Secret Service confirmed last week that it is investigating.
-- Instructed debit-card holders to change their PINs, or personal identification numbers. While those numbers were not stolen in the breach, Target now says that changing them would be "an additional precaution." Target cardholders can change them at Target.com/RCAM.
-- Had mixed reports about the impact on shopper traffic. Target's weekend storewide promotion of 10 percent off contributed to heavy crowds on the busiest weekend of the year. By some measures, store traffic declined. By other measures, Target held its own.
From Nov. 27 to Dec. 15, thieves systematically "pilfered private credit and debit card data used at Target's U.S. stores, up to 40 million accounts in all. The breach compromised data from all brands of credit and debit cards, including Target's own Redcards, American Express, Visa and MasterCard. Online purchases were not affected.
Over the weekend, consumers began to see a growing number of scams related to the Target breach. Some preyed on consumer fears about stolen card numbers and crime rings.
One text message arriving Sunday, apparently widely sent, claimed the recipient's Visa card had been blocked "due to fraud" and asked shoppers to call an 804 telephone number.
On the website CallerComplaints.com, a woman named Darlene wrote that she "got a message saying to call because VISA debit card had been limited due to fraud ... called from my home line ... first thing the call asked was for me to enter my debit card # ... something wasn't right."
On its corporate website, Target warned that others have received calls and emails "from someone who said they were with Target asking for my Social Security number and other personal information."
Target's advice: "Do not provide that information. Your Social Security number was not compromised ... If you have any questions, hang up and do not respond and contact Target at the number on the back of your card."
The company added, "If you've received something that you can't confirm on our corporate site, then it is not an official communication from Target."
The Minnesota Department of Commerce recommends that consumers "be very suspicious of any unsolicited email requesting personal information." Do not open attachments, do not click on links, and check with the actual business to make sure the email is genuine, the department said.
Target said it will provide credit-monitoring services "to every single guest that was impacted" -- but that service isn't yet available to shoppers.
"We are in the process of establishing the service and will be reaching out to guests in the coming weeks with more information," Target said Monday.
Since confirming the security breach Dec. 19, Target has since been overwhelmed by anxious customers flooding its website and call centers. Target said it has increased staffing, but its Facebook page is still awash in complaints.
"Dear Target, Thanks for ruining my Christmas," wrote Patrice Malkowski in Pennsylvania. "I don't have 3 million other things to do two days before Christmas, but I have been on hold with the card company for over three hours ..."
Target's consumer-perception scores have taken a huge hit from the breach and later turmoil, based on consumer insight data from YouGov Brand Index. Target isn't the first company to suffer a big security breach, but it seems to be taking a more severe hit.
"Target's perception dropped more in one day than either PlayStation or Citibank did one week after their breaches became public," wrote Brand Index's Ted Marzilli.
It took PlayStation's reputation eight weeks to recover from its 2011 data breach, while Citibank took four weeks, Marzilli noted.
As for store visits, there were mixed reports.
Retail watcher America's Research Group's CEO Britt Beemer said a consumer survey found "Target weathered the storm from the credit card security breach amazingly well ... largely due to a smart move on their part of giving consumers an additional 10 percent off this past Saturday and Sunday."
Meanwhile, the retail analysis firm Consumer Growth Partners found that weekend traffic to Target stores was down about 3 percent from last year.
On Wall Street, Target shares fell another 1 percent Monday, down 61 cents to close at $61.88.
This story includes information from the Associated Press.
Tom Webb can be reached at 651-228-5428. Follow him at twitter.com/TomWebbMN.of
Most Popular Stories
- National Retail Federation Reduces Sales Forecast
- Amazon Hiring on Calif.'s Central Coast
- Execs Help Entrepreneurs, Get Chevy Volts
- Pandora Tumbles in Late Trading
- Sporty Ford Fiesta Fires on All 3 Cylinders
- Prison Workers Wanted
- Jennifer Lopez Throws Big Bash for Birthday
- Citigroup Unit Paying $5 Million to Settle SEC Charges
- Small Firms Take Out the Trash in Jersey
- Obama Seeks Help From Central American Leaders