Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Getting Personal. What the Target Breach Meant to One Lady Who Needed Cat Food.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Forty million is a number that’s difficult to wrap your brain around. However, the story of one woman in the small California town of Martinez narrowly missing becoming a Target breach victim brings things home as possibly nothing else can.

Here’s the story as told on

The breach of Target’s payment systems reached home last week as attempted fraud was reported by downtown resident Harriett Burt.

Burt said she received a call on the morning of Dec. 27 from a number her caller ID displayed as “private.”

“I nearly never answer those, but something made me go ahead and see what it was,” Burt said. “It also had, in the lower left corner (of the caller ID display) a bell with a line through it, and I’d never seen this before.”

The caller identified himself as being from an investigative division with Visa, and said the division showed a recent charge on Burt’s card of approximately $200, with the purchase being sent to Las Vegas. He asked if Burt lived in Las Vegas, and said he would investigate and call her back promptly.

But the call raised a red flag with Burt, who asked why the caller’s number was displayed as private on her caller ID. The caller said the division’s numbers often did not display because of the nature of their investigative work, and that he would proffer an 800 number when he called her back.

A few minutes later, the same caller rang back and gave Burt an 800 number. She instead decided to call her Visa company directly, and discovered the number the mysterious caller provided was not a number associated with Visa.

“These folks have thousands, millions of numbers, and they know in a situation like this all they really have to do is ID someone who’s been to Target,” Burt relayed from her conversation with Visa.

It’s likely Burt’s credit card number was one of 40 million hackers were able to retrieve using malicious software that infiltrated the store’s payment systems beginning Nov. 29. The only cards affected were those used for in-store purchases, which Burt says she made to buy cat food.

Hackers stole customer names, credit and debit card numbers, expiration dates, card security codes and PIN numbers, according to Target. Other customer information was not compromised, the company said, and Target is cooperating with federal authorities, including the Secret Service and Department of Justice, but is withholding additional details about the hack at the request of law enforcement.

In the meantime, anyone receiving calls from people purporting to be from credit card companies or other banking institutions is encouraged not to forfeit any information, but to hang up and call their credit and banking institutions directly. Target customers are also encouraged to check their statements carefully, especially for small purchases that may indicate fraudulent persons verifying if accounts are still active. Customers should request replacement cards, and even while new cards on the way, Target recommended PIN numbers be immediately changed.

Unfortunately for some who failed to act as intuitively as Burt, there have been instances of cash withdrawals and purchases made using PIN numbers – charges that can be difficult, and sometimes impossible, to reverse. Lawsuits are continuing to pile up over the Target hack as thousands of customers continue to be victimized by debit card fraud.

Burt said she was lucky in that she’d recently applied for a new card, and her credit line will be transferred to it. She’s since alerted Martinez Police of the call.

However, while away from home for a few hours after the initial fraudulent call, Burt said she received a muffled voicemail message from the same person who’d called that morning, again offering an 800 number. “So the fraud continues,” Burt said.

Fortunately for her, she used caution and acted correctly.

By ThreatMetrix Posted