Security breach includes Canadian shoppers: Target

Shoppers who visited U.S. Target stores may be among those who have had their personal information stolen

TORONTO – Target is warning its Canadian customers that a massive security breach at the retailer over the holiday season may have led to their personal information being stolen.

An email sent to some customers by the retailer on Monday said it believes cross-border shoppers who went to U.S. Target stores between Nov. 27 and Dec. 15 were affected.

Target said its investigation found that personal information, like the names, addresses, emails and phone numbers of some Canadians may have been stolen.

The breach does not extend to payment data for the debit and credit cards of Canadians, which is what was taken from U.S. customers, it said.

“Target Canada stores were not impacted by the payment card breach,” added president and CEO Gregg Steinhafel in the message.

Spokeswoman Lisa Gibson says the email was only sent to Canadian shoppers who Target believes could have had their information stolen.

However, the message also went to at least some Target Canada card holders who weren’t in the United States over the affected period.

The security breach is believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers. Gibson said the number of Canadians affected is estimated to be “well under” one per cent of the total, which represents less than 700,000 customers.

Target has said Canadian stores weren’t affected because they use a different payment system at cash registers.

The email to Canadian shoppers said Target has hired a third-party forensics firm to investigate the incident. It also plans to announce a “a credit-monitoring offer for impacted Canadian guests.”

In the United States, police say account information stolen during the Target security breach is now being divided up and sold off regionally.

A South Texas police chief said officers had arrested two Mexican citizens carrying 96 fraudulent credit cards.

The cards, used by 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez, both of Monterrey, Mexico, carried the account information of South Texas residents, said McAllen, Tx. Police Chief Victor Rodriguez.

They were used to buy tens of thousands of dollars’ worth of merchandise at national retailers in the area.

The two were arrested Sunday morning at the border trying to re-enter the United States.

Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx, Marshall’s and Winners, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn’t detected until December 2006.

In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws

— With files from The Associated Press




Browse

Security breach includes Canadian shoppers: Target

  1. The real worry is that other retailers, possibly using the same POS terminals will be
    attacked next.

    Isn’t it time to look for a solution, before this happens?

    For instance, why do you have to give your credit card details to the
    retailer, to pass to the credit card company? Obviously, so they can know who
    you are, and that it’s really your card. Okay, then, why not use an
    authentication system based on your ID, instead? Then, the credit card need
    only contain your user ID, which they could check, and tie in with the card
    details, which they already know. That way, the retailer would have nothing
    worth stealing. Of course, the authentication system would need to be
    fraudproof, and I believe there’s a description of such a system at http://www.designsim.com.au/What_is_SteelPlatez.ppsx.

    I guess the other benefit of doing something like this, is that the
    credit card companies wouldn’t have the expense of changing to EMV cards, or
    resorting to something unpleasant, like biometrics.

Sign in to comment.