TULSA -- Tens of millions of Target customers continue to wonder whether the theft of their personal information could impact them in years to come. Included in the bunch are 2,200 customers of Truity Credit Union in Bartlesville.
One of those Truity customers, Kaitlin Loyd, a junior at Oklahoma State University, received a letter from her credit union Jan. 8 stating that her account was among those impacted by the breach.
Weeks earlier, on Black Friday, Kaitlin and her mother were shopping at an Oklahoma City Target as part of an Angel Tree-like program for less fortunate area families.
“As an extended family we adopt a family each Christmas. So we were just shopping for the kids. We were getting stocking-stuffers for them, getting last minute clothing items for them," said Loyd.
Loyd was given two choices by her bank per the letter: Continue to use the VISA card impacted by the breach and monitor the account with fraud control measures or get a new account altogether.
For Loyd that choice was easy.
“It wasn't too difficult to cancel it and get a new one. I would much rather do that than know that my information could be out there somewhere," she said.
On Dec. 19, 2013, Target confirmed that an estimated 40 million credit and debit account numbers were breached. That initial breach pertained specifically to the 2013 holiday shopping season, which began Black Friday.
On Jan. 10, Target announced a second, distinct group of people had portions of their personal information stolen. That second batch of customers measured to be an estimated 70 million people.
Target confirmed these numbers in an email to 2NEWS:
“On December 19, we confirmed that approximately 40 million credit and debit cards of guests who shopped in our U.S. stores during that time period were taken. That remains unchanged. Friday, January 10, we shared that, as the result of the data breach, it was confirmed that the partial personal information for up to 70 million individuals was also stolen. These are two distinct groups. While there may (be) some overlap between the two groups (the 40 million and the 70 million) but we don’t know to what extent at this time.”
“Because we want to provide our guests with additional peace of mind, we have extended free credit monitoring and identity theft protection to all guests who have shopped our U.S. stores.”
Exposed personal information is exactly what Fred Menge says is the most troubling issue surrounding the Target data breach.
Menge, president and managing director of Magnir, an IT consulting firm specializing in information management and security in Tulsa, says every customer involved in this breach should be concerned.
“What's surprising to me and what freaks me out in a way is that, now, if PII is out there and it's in the category of 70 million or 100 million, along with credit cards, then that's alarming to me because then they essentially have your identity,” Menge said.
PII, or personal identifiable information, includes things like names, phone numbers, home addresses and email addresses.
Now more than ever, Menge says, consumers must take it upon themselves to protect their information.
Menge says consumers should first invest in a shredder.
“In my opinion and this is what I typically do is I shred everything. I have a shredder. Even as a Christmas or birthday gift I'll give someone a shredder, and I'll tell them to shred anything with their name on it,” Menge said.
Shredding everything includes bank statements, old medical records and even mail offers that display a recipient's address.
Menge also advises closing unused credit accounts, frequently checking debit and credit card statements and signing up for fraud alerts.
Menge says consumers shouldn't think any corporation's security is enough to thwart hackers.
“There's no security that can't be hacked. I mean everything out there is hackable. Give a perpetrator enough time, they will find a way, and that's exactly what they've done."
For Rick Loyd, Kaitlin's father and the senior vice president and chief marketing officer of Truity Credit Union, the Target data breach presented its own unique challenges. Like his daughter, Rick was hacked.
He's also part of a management team responsible for alerting 2,200 of the company's 67,000 members that they were affected by the breach.
“From a financial institution perspective, we were notified by Target as, I think, probably every other financial institution was that these are the account holders that were in this mix of 70 million at the time that they knew about,” Rick
said as he presented emails sent to him detailing the effects of the Target beach.
From the perspective of a financial institution, Rick says these breaches present a problem in public relations for the affected companies. They do not, he says, impact corporations like Target from a monetary standpoint.
“They're at a reputation risk, and that's the impact that it will have on them. But from a financial risk, the amounts that are one-to-one tied to this fraudulent activity, they're not out. The financial institution is and from our perspective that just means it goes right back down to the consumer,” he explained.
And if consumers or lawmakers demand greater protection on credit and debit cards, Rick says that cost will also ultimately get passed down.
Though his daughter Kaitlin says she loves Target, she also says she'll be more cognizant of how she pays for items at the retailer in the future.
“I'm more aware of how I pay when I go there. You know, for a while I'm only going to go there if I have cash. I'm not going to use my credit card," she said.