Target apologizes for stolen customer data with mass email
“Important message from Target to our guests”
You may have received an email from Target Chairman, President and CEO Gregg Steinhafel (from email TargetNews@target.bfi0.com, etc.) with the subject Important message from Target to our guests concerning their recent system breach at the end of last year.
The emails sent out from Target are not spam, they are not a hoax. This is a legitimate email message and not a Target scam like the Target Shopping Survey email scam. This incident did happen and many people may fall victim to serious crimes and scams, including credit and identity theft.
If you have yet to hear, Target was victim to a massive security breach in December 2012 in which criminals stole customer and guest information including credit and debit card data, full names, mailing addresses, phone numbers, email addresses, and more.
Criminals were first able to infect Target store checkout counters in order to extract customer data for 6 days. The malware would then transmit the stolen data to an external FTP, using another infected machine within the Target network.
The hackers then used a virtual private server (VPS) located in Russia to download the stolen data and continued to download the data over a two week period.
Since this incident occurred over 70 million emails were sent as a mass apology from Target and Gregg Steinhafel to all of their customers; including online Target.com shoppers, Target credit holders, Neiman Marcus customers, and more. The email also details that Target guests will receive 1 free year of credit monitoring to U.S. stores through Experian’s® ProtectMyID® product which includes identity theft insurance where available.
- To receive your unique activation code for free credit monitoring service provided by Target Stores, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
- If you missed the email from Target here a screenshot of it with the content written below:
Dear Target Guest,
As you may have heard or read, Target learned in mid-December that criminals forced their way into our systems and took guest information, including debit and credit card data. Late last week, as part of our ongoing investigation, we learned that additional information, including name, mailing address, phone number or email address, was also taken. I am writing to make you aware that your name, mailing address, phone number or email address may have been taken during the intrusion.
I am truly sorry this incident occurred and sincerely regret any inconvenience it may cause you. Because we value you as a guest and your trust is important to us, Target is offering one year of free credit monitoring to all Target guests who shopped in U.S. stores, through Experian’s® ProtectMyID® product which includes identity theft insurance where available. To receive your unique activation code for this service, please go to creditmonitoring.target.com and register before April 23, 2014. Activation codes must be redeemed by April 30, 2014.
In addition, to guard against possible scams, always be cautious about sharing personal information, such as Social Security numbers, passwords, user IDs and financial account information. Here are some tips that will help protect you:
Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number.
Delete texts immediately from numbers or names you don’t recognize.
Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.
Target’s email communication regarding this incident will never ask you to provide personal or sensitive information.
Thank you for your patience and loyalty to Target. You can find additional information and FAQs about this incident at our Target.com/databreach website. If you have further questions, you may call us at 866-852-8680.
Chairman, President and CEO
If you received a different email than the one listed, ignore it! It could be spam, a phishing attempt, or a scam.