Feature Article
Mark Pribish
Lessons Learned from Target's Historic Data Breach
By Mark Pribish
Vice President and ID Theft Practice Leader

The recent Target data breach should provide some basic lessons for businesses and consumers in today's cyber world.

First and foremost, every business - especially small to medium size businesses - should incorporate a proactive approach and dedicated program to protect customers and employees from a data breach event.

The new standard in being a successful business is to be a safe business - where every business and organization needs to support a proactive breach response program including reputation management, forensics, notification, call center support, and credit monitoring.

Fortunately, the Target, Niemen Marcus and others yet to be named, data breach events have increased our awareness of information security and identity theft.

Unfortunately, most businesses and consumers do not know that the largest banks, insurance companies and credit bureaus in the United States - all of which have invested heavily in IT security, and possess our most confidential personal information - have ALL been breached multiple times in the last several years.

Furthermore, a recent report from the computer firm hired to look into the Target data breach highlights how the "tactic used by the hackers is new to eCrime" and concludes that since this style of POS (Point of Sale) hacking can net big rewards for the cyber crooks with little risk, cardholders "can expect more of this type of breach" and that the Target (and now Neiman Marcus) data breach includes a larger number of retailers.

So what can be done? Consumers need to be more proactive against identity theft by asking the organizations they do business with (e.g. retailers, healthcare, education, social media, etc.) about their security standards. Consumers should also take responsibility by increasing their education on subjects like phishing, where fraudsters create very convincing emails to steal personal information.

Businesses - especially small to medium size businesses - need to be more secure by assessing how prepared their organization is in detecting internal and external threats and having a data breach response plan in place to support any employee or customer whose information has been lost or stolen.

The fact is no one company can ever prevent itself from experiencing a data breach and no one company can ever prevent an individual consumer from becoming an identity theft victim.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.

Scam Central

Target shoppers becoming the targets!

By now, most people are aware of the Target data breach that has affected upwards of 110 million consumers. If you shopped at Target from November 27th to December 15th, 2013 and swiped your credit or debit card to pay for your purchase, your personal information, including name, credit or debit card number, expiration dates, and encrypted PIN numbers were compromised. This is not how anybody wants to kick off his or her holiday season!

Now, to make matters worse, scammers are preying on consumer's fears. By using the keyword "Target" in their approach, scammers are attempting to take advantage of the data breach by using some older, well-known techniques we have discussed previously.

How It Works:

You may receive an email or text message claiming to be from your credit card company alerting you that your credit card has been blocked due to fraudulent activity. The text message provides a phone number asking you to call and verify your account information. As you can imagine, the person on the other end of the phone is not your credit card company, but a scammer.

If you do not receive a text message, you may receive a well-crafted and professional looking email that claims to be from Target. The emails look genuine, including Target logos, colors, graphics, etc., but rest assured, this email is not from Target at all.

Phone calls may be the next tool of choice for scammers. You may receive a phone call from someone claiming they represent Target, or perhaps your credit card company regarding your Target purchase, and they need to verify personal information. However, like the text message and fake phone number, the person on the other end of the phone is not from Target, or your credit card company.

Your Defense:

These types of scams are not new, but it can be difficult to determine if someone is attempting to scam you, especially in the wake of a data breach you know you may have been affected by. The Better Business Bureau has identified a few steps you can take to avoid being scammed. You can read the article here.

  • Check Target's official website for phone numbers and communication techniques
  • Do not fall for fake emails. Just because an email looks real, does not mean it is
  • Do not click links or open attachments in unexpected emails
  • Watch for bad grammar

If you receive an email you believe is phony, forward it to the FTC at spam@uce.gov and then delete it. If you happen to receive a strange text, delete it. If you receive a suspicious phone call, hang up. Whatever you do, do not become victim to another scam out of fear.

If you believe you are a victim of the Target data breach, you may contact your credit card company and bank to have new cards issued. You may even consider changing your PIN number for good measure.

Be alert, and stay safe.

If you believe your identity has been stolen, call 866.SMART68 today.