Earlier this morning, Target (NYSE:TGT) confirmed that it had been hit by a large-scale credit card breach. Beginning just before Thanksgiving and running through this past weekend, customers who used credit cards at some of the company's U.S. locations may have had their information stolen at Target's point-of-sale terminals. Early estimates put the number of potentially compromised cards at around 40 million.
If that estimate proves accurate, the breach will be similar in size to the theft of 45.7 million credit cards from TJX brand stores in 2005. That attack took place over more than a year, and resulted in the business paying out almost $10 million to states in the attack's wake.
Point-of-sale attack at Target
These sorts of attacks are becoming more common, and the Target breach isn't the only one to have come along in the last 12 months. Barnes & Noble customers were subject to a similar -- if smaller-scale -- attack last year. Sixty-three of the company's 700 or so locations were affected by altered PIN pads. Because both attacks focused on point-of-sale devices, it's likely that both were carried out with some insider help -- whether given knowingly or accidentally.
For Target, the long-term ramifications are still unknown. In most states, companies are not required to pass on warnings about account theft unless multiple pieces of information are stolen -- like a credit card and Social Security number. Target may also be playing it close to the vest in order to help the credit card companies and U.S. Secret Service complete their investigations without alerting the criminals.
What happens next
For customers, it could mean a hassle for the holidays. While customers are protected from monetary loss by the Electronic Funds Transfer Act, or EFTA, they're not protected from paperwork. Compromised cards and PINs will need to be changed once the full extent of the attack is known. Right now, reports are that the attacks only took place in-store, but online transactions are under investigation.
If you think you may have been affected, first, don't panic. The EFTA gives you time to report unauthorized activity without being held liable. In the case of a card number being stolen -- credit or debit -- without the physical card going missing, consumers are "not liable for those transactions if [they] report them within 60 days of [their] statement being sent to [them]."
Target is also offering assistance, and customers who have seen unauthorized activity are encouraged to call 866-852-8680. If you shopped at Target with a debit card, it also can't hurt to change your PIN proactively -- or give up altogether and go Bitcoin.*
*Advice not recommended in China.
Fool contributor Andrew Marder has no position in any stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. The Motley Fool has a disclosure policy.