Skip Navigation
Attorney General Bill SchuetteMichigan.gov
Michigan.gov Home
close print view

Security Breaches - Target, Neiman Marcus, and Michaels

CONSUMER ALERT

 

BILL SCHUETTE

ATTORNEY GENERAL

The Attorney General provides Consumer Alerts to inform the public of unfair, misleading, or deceptive business practices, and to provide information and guidance on other issues of concern.  Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.

  

Target, Neiman Marcus, and Michaels Security Breaches 

 

Target


On December 19, 2013, Target reported credit and debit card information for approximately 40 million consumers may have been compromised. Target determined that the information involved in this incident included customer name, credit or debit card number, the card’s expiration date, and CVV1 (a security code stored on the credit card’s magnetic stripe). Target reported that the breach involves credit card and debit card information for purchases at its retail stores only; online purchases were not affected.

On January 10, 2014, Target reported that personal information, such as phone numbers, addresses, and email addresses, for 70 million people were also exposed. The company reports it does not know how much overlap exists between the original 40 million customers and the additional 70 million, raising the possibility that the data of up to 110 million people was taken. While the exact number of affected consumers is unclear, this data breach appears to be one of the largest in U.S. history.

Attorney General Schuette is actively engaged in investigating this matter with colleagues across the county. Target is also working with the Department of Justice and the Secret Service to investigate the incident.

Below is helpful information for Michigan consumers who may have been affected by this breach:

  1. Target has created a website to provide information and resources related to this breach—https://corporate.target.com/about/payment-card-issue. You may also access Target’s information directly from the company’s corporate homepage (www.Target.com). Visit this page for regular updates and reliable information, including all official company communications.
Target also has a page for data breach FAQs.
  1. Target has assured the Attorney General that consumers will not be liable for any fraudulent charges that result from this security breach.

  2. Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped U.S. stores. Guests can register for this offer by visiting https://creditmonitoring.target.com/.  Guests will then receive an email from Target within 1-5 days that will include the unique activation code and instructions on how to register their code with Experian’s ProtectMyID. Guests will have until April 30 to register their code with ProtectMyID.
Target also developed a new Credit Monitoring FAQ page where guests can learn more and find answers to some of their commonly asked questions.
  1. Target will not ask a consumer to provide any personal information, i.e. social security number, or to confirm any credit or debit card information by phone or email. Unfortunately, many fraudulent websites have started to emerge where scammers hope to obtain personal information. You should not provide any personal information in response to an email or phone call.
If you receive any communication claiming to be from Target, you should visit Target’s main breach website (see the “official documents & communication” area) to verify that it is a legitimate email from Target.
  1. Remain vigilant. Review your credit card and bank statements regularly and provide written notification of any questionable activity.

At a minimum, customers who shopped at Target with a debit card should change their PIN, the personal identification number. You can also request a new debit card from the issuer.

 

neiman marcus


On January 11, 2014, retailer Neiman Marcus confirmed that it was working with the U.S. Secret Service to investigate a breach and may have involved the exposure of an unknown amount of customer payment cards. According to reports, a forensics firm confirmed evidence that Neiman Marcus was a victim of a criminal cybersecurity intrusion and some customers’ credit and debit cards were possibly compromised. Neiman Marcus reports it has taken significant steps to further enhance information security.

Attorney General Schuette is actively engaged in investigating this matter with colleagues across the country.  Neiman Marcus is also working with the Secret Service to investigate the incident.

Below is helpful information for Michigan consumers who may have been affected by this breach:

  1. The Neiman Marcus corporate homepage has additional information regarding the breach. It can be accessed at www.neimanmarcus.com. Visit this page for regular updates and reliable information, including all official company communications.

  2. Neiman Marcus policy provides that you will have zero liability for any unauthorized charges on its card if you report them in a timely manner. Please contact your card brand or issuing bank for more information about the policy that applies to you.
     
  3. If you have made a payment card purchase at Neiman Marcus in the past year, the company will be offering you one year of free credit monitoring service. Sign-up instructions for this service will be provided on the company website. 

MICHAELS

On April 17, 2014, Michaels confirmed that it had suffered a security breach at a portion of Michaels' stores and its subsidiary, Aaron Brothers, from May 8, 2013 to February 27, 2014.  This comes after the company announced on January 25, 2014 that it was retaining data security experts to investigate a possible breach.  Reports indicate that the breach may have compromised approximately 2.6 million payment cards at various stores, but the number of individual consumers impacted is not known.  During this breach, payment card numbers and expiration dates were exposed.  The locations and potential dates of exposure for each affected Michaels store are listed on www.michaels.com

Attorney General Schuette is activity engaged in investigating this matter with colleagues across the country.  Michaels is also working with the federal law enforcement to investigate the incident.

Below is helpful information for Michigan consumers who may have been affected by this breach:

  1. You should review the list of affected U.S. stores to see if you shopped at an affected store during the timeframe specified for each store.
  2. Michaels is offering identity protection, credit monitoring, and fraud assistance to affected U.S. customers.
  3. Michaels has additional information on its website - http://www.michaels.com/corporate/payment-card-notice-faqs,default,pg.html.  If you have other questions, you can call Michaels toll-free at 1-877-412-7145.

ADDITIONAL INFORMATION


For people who shopped at Target, Neiman Marcus, or Michaels,  Attorney General Schuette offers the following information on how to protect against potential identity theft:

  1. Immediately review and monitor your credit and debit card information. Carefully review and monitor your credit card and other financial accounts for the next 12 to 24 months for any unauthorized activity. Also monitor your credit reports. If you notice any irregular activity or charges, immediately report it in writing to the card issuer.

  2. Order a copy of your credit report, and look for unauthorized activity. Look carefully for unexplained activity on your credit report. You are entitled to one free credit report per year from each credit bureau. Additionally, as previously mentioned, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped U.S. stores. The service includes a copy of your credit report. Neiman Marcus will be offering a similar service.

  3. Call one of the three major credit bureaus and place a one-call fraud alert on your credit report:
     •Equifax: Call (800) 525-6285, and write: P.O. Box 740241, Atlanta, GA 30374-0241.
 
    •Experian: Call (888) 397-3742, and write: P.O. Box 9532, Allen, TX 75013.

    •TransUnion: Call (800) 680-7289, and write: Fraud Victim Assistance Division, P.O. Box 6790 Fullerton, CA 92834-6790.

You only need to call one of the three credit bureaus; the one you contact is required by law to contact the other two credit bureaus. This one-call fraud alert will remain in your credit file for at least 90 days. The fraud alert requires creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. When you place a fraud alert on your credit report, all three credit bureaus are required to send you a credit report free of charge.
  1. If there is unauthorized activity on your credit report, you may want to place an extended fraud alert on your credit report. If, after reviewing your credit report you believe there is unauthorized activity, you may want to place an extended fraud alert on your credit report. In order to do this, you need to file a police report with your local police department, keep a copy for yourself, and provide a copy to one of the three major credit bureaus. Then an extended fraud alert can be placed on your credit file for a 7-year period. This will mean that any time a user of your credit report (for instance, a credit card company or lender) checks your credit report, it will be notified that you do not authorize any new credit cards, any increase in credit limits, the issuance of a new card on an existing account, or other increases in credit, unless the user takes extra precautions to ensure that it is giving the additional credit to you (and not to an identity thief).

  2. Contact the fraud departments of your credit card issuers or bank. You may want to contact the fraud department of the credit card company or the bank associated with your debit card that you used when you made a purchase at either Target or Neiman Marcus. These financial institutions can monitor your account for suspicious activity. You may also wish to discuss the advisability of requesting a new account number.
For additional information on identity theft prevention and related topics for Michigan consumers, please see the Attorney General's other Consumer Alerts, including:
 
 
   
 
 
 
 

The Federal Trade Commission has a blog tracking the Target breach and additional information on their Identity Theft homepage.
 

CONTACT THE ATTORNEY GENERAL'S CONSUMER PROTECTION DIVISION


Consumers with questions or concerns may contact the Attorney General's Consumer Protection Division at: 

Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909
517-373-1140
Fax: 517-241-3771
Toll free: 877-765-8388
www.michigan.gov/ag (online complaint form)

 

 
Related Content
 •  Advance-Fee Loan Scams
 •  Malware – What Is It and How To Avoid It
 •  Charitable Donation Refund Scam
 •  National Mortgage Settlement Scams
 •  Travel Tips
 •  Remembering Our Veterans - Some Timely Tips for Donors
 •  International Sweepstakes & Lottery Fraud
 •  Debt Collection & Debt Collection Scams
 •  Michigan's Scanner Law
The 2011 Shopping Reform and Modernization Act
 •  Embezzlement Prevention for Small Organizations
 •  Hey! Why Isn't That Price Fixing? The Real Story of Manufacturer's Suggested Retail Prices
 •  Prescription Drugs - How To Safely Save Money
 •  Pre-Paid Funeral Contracts
 •  Grandparents Scam
 •  Senior Census - Fact or Fiction?
 •  'Tis The Season For Protecting Yourself When Making Purchases
 •  Support Disaster Relief - But Avoid Scammers
 •  Business Sudden Closure
 •  Federal and State Legal/Foreclosure Protections for Military Personnel on Active Duty
 •  Cell Phone Spam Stop Receiving Unwanted Text Messages!
QR code

Michigan.gov Home
PoliciesMichigan NewsMichigan.gov Survey


Copyright © 2014 State of Michigan