Fraud on the Target Visa call center
Technorati Tag: Security Breach
Date Reported:
1/22/08
Organization:
Target Corporation
Contractor/Consultant/Branch:
Target Financial Services
Target National Bank
Unknown contract company
Victims:
Target Visa customers
Number Affected:
Unknown*
*Target estimates that there were three (3) affected New Hampshire residents. It is assumed that the nationwide number is larger.
Types of Data:
Target Visa account information, including name, address, account number, social security number and telephone number.
Breach Description:
The Target Fraud Prevention team discovered that three employees of a company that provides call center assistance for Target National Bank used the privileges granted as part of their job to commit fraud. The suspected employees used Target Visa card account information to place fraudulent charges on Target Visa accounts.
Reference URL:
The New Hampshire State Attorney General breach notification which accidentally included the letter sent to Mass. residents.
The New Hampshire State Attorney General breach notification which includes the correct letter sent to New Hampshire residents.
Report Credit:
The New Hampshire State Attorney General
Response:
From the online sources cited above:
We value the relationship we have with you and the trust you have in us. Unfortunately, I am writing to let you know about an incident that may have involved tne compromise of some of your Target Visa account information, including name, address, account number, social security number and telephone number.
Recently, the Target Fraud Prevention team became aware of suspicious activity
on some Target Visa accounts.
The suspicious activity was tied back to employees of a company that provides call center support services to Target National Bank, the issuer of the Target Visa credit card.
[Evan] If you read the breach notification too fast you may miss the "employees of a company" remark. To me this means that these were employees of a contractor.
To assist account holders with their questions, employees of the call center have access to information about Target Visa accounts in the course of their normal job duties.
[Evan] I would think that there is a pretty easy way to limit the amount of information that call center employees have to account information. Maybe it would still work if portions of sensitive information were masked.
Based on Target's investigation into the incident, we have determined that three employees of the call center accessed information about certain Target Visa accounts.
Subsequently, these employees used some of the account information to place fraudulent charges on Target Visa accounts.
The three employees involved in this incident have been terminated by the call center.
[Evan] I would hope so!
Target National Bank has renumbered all Target Visa accounts that appear to have experienced fraudulent activity as a result of this incident. Fraudulent charges identified on these accounts have been removed.
As a precaution, Target also is renumbering those accounts that have experienced the same pattern of access even though no fraudulent activity has been identified.
[Evan] Better safe than sorry. Good.
If yours is one of these accounts, we will be renumbering your account and issuing new card(s) for every card holder on your account. Your old card(s) will be turned off, so it's important that you activate your new card(s) right away.
we are also making a credit monitoring product available to you, free of charge. This product is a one year paid subscription to ConsumerInfo.com, Inc.'s Triple Advantage SM Premium Credit Monitoring.
We are very sorry this incident occurred, and we deeply regret any inconvenience or worry this may cause you. If you have any questions, please call us at 1.. Representatives will be available seven days a week from 6.00am to 10:00pm (CST) to respond to your questions
[Evan] This time you will not get a criminal!
Commentary:
I can only imagine that this type of fraud happens more often that we think. There is no mention of how the Target Fraud Prevention Team "became aware" of the suspect activity that led to the investigation. If I were a betting man, I would say that a customer called.
I like the response by Target. They run a well-respected information security team over there, or so I hear. I was a little disappointed to hear that call center employees have what appears to be too much access to account information. No disrespect to call center employees, but they are typically not high-paid, high-skilled, or appreciated enough.
Past Breaches:
Unknown
Date Reported:1/22/08
Organization:
Target Corporation
Contractor/Consultant/Branch:
Target Financial Services
Target National Bank
Unknown contract company
Victims:
Target Visa customers
Number Affected:
Unknown*
*Target estimates that there were three (3) affected New Hampshire residents. It is assumed that the nationwide number is larger.
Types of Data:
Target Visa account information, including name, address, account number, social security number and telephone number.
Breach Description:
The Target Fraud Prevention team discovered that three employees of a company that provides call center assistance for Target National Bank used the privileges granted as part of their job to commit fraud. The suspected employees used Target Visa card account information to place fraudulent charges on Target Visa accounts.
Reference URL:
The New Hampshire State Attorney General breach notification which accidentally included the letter sent to Mass. residents.
The New Hampshire State Attorney General breach notification which includes the correct letter sent to New Hampshire residents.
Report Credit:
The New Hampshire State Attorney General
Response:
From the online sources cited above:
We value the relationship we have with you and the trust you have in us. Unfortunately, I am writing to let you know about an incident that may have involved tne compromise of some of your Target Visa account information, including name, address, account number, social security number and telephone number.
Recently, the Target Fraud Prevention team became aware of suspicious activity
on some Target Visa accounts.
The suspicious activity was tied back to employees of a company that provides call center support services to Target National Bank, the issuer of the Target Visa credit card.
[Evan] If you read the breach notification too fast you may miss the "employees of a company" remark. To me this means that these were employees of a contractor.
To assist account holders with their questions, employees of the call center have access to information about Target Visa accounts in the course of their normal job duties.
[Evan] I would think that there is a pretty easy way to limit the amount of information that call center employees have to account information. Maybe it would still work if portions of sensitive information were masked.
Based on Target's investigation into the incident, we have determined that three employees of the call center accessed information about certain Target Visa accounts.
Subsequently, these employees used some of the account information to place fraudulent charges on Target Visa accounts.
The three employees involved in this incident have been terminated by the call center.
[Evan] I would hope so!
Target National Bank has renumbered all Target Visa accounts that appear to have experienced fraudulent activity as a result of this incident. Fraudulent charges identified on these accounts have been removed.
As a precaution, Target also is renumbering those accounts that have experienced the same pattern of access even though no fraudulent activity has been identified.
[Evan] Better safe than sorry. Good.
If yours is one of these accounts, we will be renumbering your account and issuing new card(s) for every card holder on your account. Your old card(s) will be turned off, so it's important that you activate your new card(s) right away.
we are also making a credit monitoring product available to you, free of charge. This product is a one year paid subscription to ConsumerInfo.com, Inc.'s Triple Advantage SM Premium Credit Monitoring.
We are very sorry this incident occurred, and we deeply regret any inconvenience or worry this may cause you. If you have any questions, please call us at 1.. Representatives will be available seven days a week from 6.00am to 10:00pm (CST) to respond to your questions
[Evan] This time you will not get a criminal!
Commentary:
I can only imagine that this type of fraud happens more often that we think. There is no mention of how the Target Fraud Prevention Team "became aware" of the suspect activity that led to the investigation. If I were a betting man, I would say that a customer called.
I like the response by Target. They run a well-respected information security team over there, or so I hear. I was a little disappointed to hear that call center employees have what appears to be too much access to account information. No disrespect to call center employees, but they are typically not high-paid, high-skilled, or appreciated enough.
Past Breaches:
Unknown
Posts Atom 1.0
Comments