Shoppers fret about authenticity of Target emails

Rows of Target carts
Rows of carts await customers at a Target store in Chicago in 2012.
M. Spencer Green/AP

An email sent to the roughly 70 million Target customers who may have been affected by a pre-Christmas data breach is causing panic among those who fear it could be an attempt to victimize them again.

Target says the email, which offers free credit monitoring services to potential victims of the breach, is legitimate. But the company has identified a handful of scammers who are trying to take advantage of the public's fear and confusion.

Shawn Blakeman, 42, of Raleigh, N.C., received Target's email Friday morning, but he didn't click on the link it contained "just in case it was some kind of a website that I couldn't get out of or had a hidden virus," he says.

Consumers have been on edge since news of the data breach broke last month. And they've been warned to be on alert for possible follow-up attacks that could come in the form of phishing emails, electronic messages designed to implant malicious software on their computers or draw them to websites that prompt them to enter personal information.

Create a More Connected Minnesota

MPR News is your trusted resource for the news you need. With your support, MPR News brings accessible, courageous journalism and authentic conversation to everyone - free of paywalls and barriers. Your gift makes a difference.

So when Target's email began circulating earlier this week, many recipients questioned its authenticity. The email was especially suspicious to people who say they haven't set foot in a Target store in years.

Jim Reid, 60, of Minneapolis says he was a little nervous about clicking on the link in the email and he questioned whether it was a good idea to send Target even more personal information when they were unable to protect it in the first place.

"There's too much uncertainty," Reid says. "They keep changing what they're saying about how many people were affected, about what kinds of information were stolen. It's obvious that they really don't know."

According to Target, hackers stole data related to 40 million credit and debit card accounts and also pilfered personal information, including email addresses, phone numbers, home addresses and names of as many as 70 million customers.

Target spokeswoman Molly Snyder says it's those 70 million people that Target contacted by email. And while Target believes the theft of the roughly 40 million debit and credit card numbers only affected cards swiped between Nov. 27 and Dec. 15, the 70 million people whose personal information was stolen could have last shopped at a Target store months, or even years, ago.

Meanwhile, consumers are right to be wary of emails purportedly sent by Target. Snyder says that in recent weeks the retailer has stopped more than a dozen operations that sought to scam breach victims by way of email, phone calls, and text messages.

Target says all of the letters it's sending to shoppers are posted on the company's website, along with information about what customers need to do to sign up for Target's free credit monitoring.

Snyder confirmed that the information gathered for the free service won't be used for marketing purposes. While shoppers are being offered the option of continuing the monitoring service after a year, they won't be automatically re-enrolled in the service or receive a bill.

The retail giant wasn't the only company to get hit with a data breach over the holidays. Last week, Neiman Marcus said thieves stole some of its customers' payment information and made unauthorized charges over the holidays. The Dallas-based luxury retailer is also offering its customers free credit monitoring for a year and plans to post sign-up instructions on its website by the end of next week.

Target's credit monitoring is being provided by Experian. Company officials wouldn't disclose details about how many Target customers have signed up for the free services.

Blakeman says he was immediately skeptical when he saw the email from Target.

After the news broke a few weeks ago, his bank automatically sent him a new debit card, so he's not worried about his bank account. And while he remains concerned about identity theft, he probably won't sign up for Target's free credit monitoring.

"I know there's always a chance it could happen to me," he says. "I can't win the Powerball, but watch me get hit with identity theft."