Target Investigation Continues, Chase Admits Own Breach

Dec. 23, 2013

target-security Target, which Thursday acknowledged a security breach that compromised the credit-card information of more than 40 million consumers, contacted potentially affected customers on Friday to report on the investigation.

The company told shoppers who used their credit card in Target stores during the period in question (Nov. 27 – Dec. 15) that the information stolen by hackers included their name, credit- or debit-card account number, expiration date and CVV. The company also ensured cardholders they will not bear any liability for purchases they didn’t make. On the day after news of the breach broke, Target CEO Gregg Steinhafel offered any consumer who shopped at the store this past weekend a 10 percent discount.

Fallout over the breach reached 2 million Chase bank customers this weekend as the issuer sent an email on Saturday to debit card holders whose accounts were compromised in the intrusion informing them their use would be limited until new debit cards could be issued. Until they are replaced, consumers using Chase debit cards are limited to $100 per day in ATM withdrawals and $300 per day in purchases at the POS.

Chase’s response comes less than two weeks after it notified nearly a half million customers of its own security woes. Approximately 465,000 prepaid card holders found out their personal information may have been compromised in a data network breach. The company’s UCard is used by various state and municipal governments to deliver food and welfare benefits.

Officials continue to investigate the Target intrusion, but neither the retailer nor law enforcement has made any comment about how hackers might have perpetrated the crime, whether there was inside involvement or the status of Target’s PCI compliance.