AUGUSTA, Maine — The head of the state’s Bureau of Consumer Credit Protection urged Maine residents who have Target credit and/or debit cards not to panic.
Target Corp. announced last week that hackers had stolen data from up to 40 million credit and debit cards of shoppers who visited stores between Nov. 27 and Dec. 15.
“My main concern is that folks will confuse the result of this breach, which is merely the risk of unauthorized charges, with identity theft, which is someone pretending to be you and opening up new accounts in your name,” William N. Lund said late Saturday in an email. “The law protects consumers against unauthorized charges and debits.
“If a consumer disputes a charge as being unauthorized, their own credit card bank must prove the charge is valid, or otherwise the bank must remove the charge,” he continued. “Likewise with an unauthorized debit. Prompt notification by the consumer means the money must be re-deposited by the consumer’s bank.”
Stolen data included customer names, credit and debit card numbers, card expiration dates and the code that’s embedded on the magnetic stripe on the rear of the card, according to Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. There’s no evidence the three- or four-digit security codes on the back of the cards were revealed.
“Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card,” Brian Krebs of KrebsOnSecurity reported Friday on his website.
Krebs noted that the stolen cards can be paid for using Bitcoin, Litecoin, WebMoney and PerfectMoney, virtual currency sites similar to PayPal, or Western Union.
Lund said he did not know the number of cards in Maine potentially compromised.
The Portland Press Herald reported Saturday that “nearly 1,700 credit and debit card numbers stolen from shoppers at the five Target stores in Maine are for sale on at least one black market website.”
To access the data, an individual must register with the black market website.
“As of Friday, the website listed about 500 cards stolen from the Target store in South Portland, 450 from the Bangor store, 300 from the Topsham location, and more than 200 each from the Augusta and Biddeford stores,” the newspaper reported.
Lund said that the magnetic strip used on credit and debit cards in the U.S. are considered “primitive” in Europe. Banks there require cards to have an embedded chip.
“ These types of breaches do not occur in Europe because the chips defeat efforts to duplicate cards,” he said.