Dec. 20, 2013 at 6:59 AM ET
The U.S. Secret Service is now leading the investigation into the massive security breach at Target, affecting customers at all their stores between Nov. 27 and Dec. 15 — the peak of the holiday shopping season. As many as 40 million credit and debit card numbers were hacked.
This kind of fraud is on the rise. Fifteen million Americans had their bank account or credit card information stolen in 2012, according to the Department of Justice. That’s up 30 percent from 2008, when the number was 10.5 million.
Target shopper Krissy Yurko got an overdraft alert on her debit card and fears she's already been victimized. "(I) noticed my bank account is pretty low and was scrolling through and saw a $1273 charge to the Microsoft store," she said.
Here are answers to frequently asked questions about the Target breach:
How did the thieves do it?
Authorities still don't know. But experts believe it was either sophisticated, organized criminals who may have planted a virus in Target's system, or it was an inside job. Target has now hired a third party forensic firm to prevent it from happening again.
What exactly did the thieves steal?
All the information on the cards' magnetic strips, including full names, card numbers, expiration dates, even security codes.
Is the problem fixed?
Target says yes, it's "identified and resolved" the issue. But it took target three weeks to realize it. And experts say the damage was already done. "Forty million records is a large number," said security expert Nelson Ludlow. "That means in the United States, there's a one-in-seven chance your credit card has been compromised."
If I shopped at Target over the past few weeks, what should I do?
If you used a credit or debit card, you should keep an eye on your card activity and call to dispute any fraudulent charges. To be extra safe, you can also cancel your card, and get a new number.
Am I at risk for more extreme identity theft?
The magnetic strip on the back of your card doesn't have your Social Security number or your address or your phone number. Information thieves would need to actually open accounts in your name and impersonate you, so experts say the risk of total identify theft is fairly slim.
But one precaution you can take is to ask the credit reporting agencies to put a fraud alert on your file. That means they'll give a closer look to any requests for your credit report info.
There is a downside to that: If you're legitimately trying to open an account, you'll also get more scrutiny.
Is there anything else I can do to better protect my personal information?
There are a few things you can do to protect yourself. Obviously, using cash is the safest way to go. The next-best option is to use a credit card versus a debit card; that way you can dispute the charges if there's fraud, and the money isn't coming straight out of your bank account.
Experts say it's always a good idea to monitor your credit report regularly. You can get a free copy from each of the agencies once a year here.