data breach FAQ

Answers to commonly asked questions for guests impacted by the recent data breach.

featured content

A message to our guests

We truly value our relationship with you, our guests, and know this incident had a significant impact on you. We are sorry. We remain focused on addressing your questions and concerns.

  • You have zero liability for any charges that you didn’t make.
  • No action is required by you unless you see charges you didn’t make.
  • Be wary of call or email scams that may appear to offer protection but are really trying to get personal information from you.

Read on for answers to some common questions, and check back as we continue to update this list with more details.

About the breach

  • What happened? : minimize panel

    In mid-December 2013, we learned criminals forced their way into our system, gaining access to guest credit and debit card information. As the investigation continued, it was determined that certain guest information was also taken. The information included names, mailing addresses, email addresses or phone numbers. We have partnered with a leading third-party forensics firm who is thoroughly investigating the breach.

Guest information

Credit and debit cards

  • Should I call Target to see if my credit or debit cards were affected? : minimize panel

    You don’t need to call us unless you believe there are suspicious charges to your Target REDcard. Target already has fraud alerts in place and is actively monitoring REDcard accounts that may have been impacted.

    The banks that issue non-Target credit and debit cards also have been notified and have similar processes in place. You too, should keep a close watch on your account by reviewing your credit or debit card statements.

    You should call your card’s issuing bank if you discover any suspicious, unusual or fraudulent activity.

  • Will my card’s financial institution be able to tell me if I was impacted? : minimize panel

    Target shared the impacted credit and debit card information with the processors, who in turn, shared with the issuing banks. You should continue to closely monitor your credit or debit card account information and immediately report any fraudulent or suspicious activity by calling the number on the back of your card.  One recommended safety precaution is to change the PIN number on your debit card.

    If you decide to change your PIN number on your Target REDcard debit card, go to

  • What impact did the breach have on PIN numbers? : minimize panel

    On Dec. 27, 2013, we were able to confirm, through additional forensic work, that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.

  • Why does Target think PIN data can’t be compromised? : minimize panel

    Due to how the encryption process works, Target does not have access to nor does it store the encryption key within our system. The PIN information is encrypted within Target’s systems and can only be decrypted when it is received by our external, independent payment processor. What this means is that the “key” necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident.

Scams and phishing

  • What kind of scams do I need to watch out for? : minimize panel

    Following an event like a data breach, it’s common to see fraudsters use emails, texts, phone calls and fake websites to try to steal your personal information.

    • Social Engineering: Using fraud or deception to manipulate people into performing actions or divulging information that they would normally not share.
    • Social Engineer: A scam artist who contacts individuals via phone, email, text message or even in person to gather information for the purposes of fraud, data system access, identity theft and more.
    • Phishing: A social engineer uses a fake email to trick recipients into giving up credit card information, passwords or other sensitive information. The email may appear to come from a trusted source, such as a reputable company or bank, and often includes personal details so it appears the sender knows you.
    • Smishing: Similar to Phishing (see above), a social engineer sends a fake Short Message Service (SMS) text message to your cell phone, announcing that you’ve won a prize or offer from a trusted company or bank if you follow a link to a website and enter a code. Clicking the link can expose your phone to malware.
    • Pretexting: When a social engineer impersonates someone with authority and creates a fake scenario to trick unsuspecting individuals into sharing private or sensitive information.
  • What are some things I can do to avoid social engineering scams? : minimize panel
    • Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you.
    • Don’t respond to texts or emails coming from a contact you don't recognize, and don’t click on links. Instead, if you need to check on your account, type the site address you want visit into your browser and securely log into your account.
    • Don’t send money to strangers; scam artists often insist that you wire money, especially overseas, because it’s difficult to trace the transaction.
    • Keep an eye on your monthly statements. If your account information is stolen, fraudsters can use it to charge purchases or commit crimes in your name. Watch for unusual charges such as “membership fees” and other goods or services you didn’t authorize. If you see a charge you don’t recognize, contact your account provider immediately.

Using your REDcards

  • If I close my account, can I reopen it later? : minimize panel

    A Target REDcard account that is closed cannot be reopened, but you can apply for a new account.  Please be aware that you must wait at least a day after closing your REDcard account to reapply. New accounts are subject to current terms and conditions, which may not be the same as your closed account.  If you have a non-Target credit or debit card, questions about your account can be addressed by calling the number on the back of your card.

  • How do I add an alert to my REDcard credit card? : minimize panel

    REDcard credit cardholders can set up alerts through Manage My REDcard so they can be informed every time their card is used. On, click on “Manage my REDcard” at the bottom of the page. Sign in to Manage My REDcard with your username and password. Under Settings, click “Set Alerts” on the left hand navigation menu. Select your alert and delivery preferences. Click “Save” and you’re ready to receive alerts.

Free Credit Monitoring

  • What was offered as part of the credit monitoring/ProtectMyID? : minimize panel
    The one year of free monitoring membership to ProtectMyID included:
    • Credit Report: Registrants received a free copy of their Experian credit report. If they enrolled online, their report was available online for 30 days.
    • Daily Credit Monitoring: Registrants were eligible to receive alerts for one year that reflect changes to their Experian credit report during their membership term. This included new inquiries, newly opened accounts, new derogatory information (such as delinquencies or medical collections) and more.
    • Identity Theft Resolution: If confirmed that registrants have been the victim of identity theft, they will be assigned a dedicated, U.S.-based Experian Fraud Resolution Agent who will walk them through the fraud resolution process—and remain available to answer questions—from start to finish.
    • Identity Theft Insurance: If registrants have been a victim of identity theft relating to this incident, they will immediately be covered by a $1 million insurance policy that can help cover certain costs, including lost wages, private investigator fees, and unauthorized electronic fund transfers for one year.
    • ProtectMyID ExtendCARE: Access to personalized assistance from a highly-trained Fraud Resolution Agent will continue even after the initial one year ProtectMyID membership expires.

Chip-and-PIN-enabled Cards

  • Does this mean my current Visa card is not safe? : minimize panel

    We have taken significant measures to secure our guests’ personal data, no matter which payment option they use. We are adopting chip-and-PIN technology as another layer of protection so guest can shop with even greater confidence that their personal data is secure.