DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Is Target’s offer of an Experian-only ID theft product good enough?

Posted on January 13, 2014 by Dissent

idRADAR has some comments about Target’s offer of an ID theft product. I found it interesting to read because I wouldn’t have realized that what Target negotiated was not the usual kind of product that checks all three major credit reporting databases – Experian, Equifax, and Transunion. The plan Target arranged with Experian only checks Experian’s database.

Read the article and see what you think.

Related posts:

  • TX: Statement and Frequently Asked Questions about the 2018 ERS OnLine Security Incident
  • Pointing fingers, Thursday edition – U.S. Info Search tells its side
  • T-Mobile customers affected by the Experian breach can sign up with CSID for identity protection services
  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Category: Business SectorID TheftMalwareU.S.

Post navigation

← What Happens in the Hospital Doesn’t Stay in the Hospital
NC: Ex-Alamance County employee pleads guilty in identity theft case →

11 thoughts on “Is Target’s offer of an Experian-only ID theft product good enough?”

  1. IA Eng says:
    January 14, 2014 at 12:12 pm

    OK, Target gets hacked. They steal credit card data. They may get some Personal Information, but not alot. So – whats ID Theft have to do with a credit card hack?

    The companies that offer this sort of service just want to appease the customers and make them feel like they are getting something “free”. A year’s worth of service is nice, but utterly worthless if the crooks just have a CC number that eventually will get replaced.

    I think the companies should pay the card companies the fees to replace all of the cards that were affected, and its done in a timely manner. Timely, as in like as soon as humanly possible, like 1-2 working days after the breach, the cards are being procesed. That way, the hack is about worthless.

    Sure there will be miscreants out there buying up bad CC numbers and attempting to use these numbers once the dark side posts them on the evil websites. But a bank – hopefully knowing of the breach will not process the CC payment, letting the card die on the vine.

    It would be so much easier if the card had an extra set of four digits. These could be random numbers, much like they are on a RSA style token. Upon using the card online or at a counter our ATM, the extra numbers have to be punched in via keypad. It would be like a one time passcode that must match what the processing side sees as well. Failure to do so after 2 attempts means a potential fraud alert is generated.

    The longevity of the cards is probably too long as well. I think CC’s should be good for no more than 2 years, which will shorten the chances of the card becoming compromised. The card would need to have security features built in to detect tampering.

    Obviously the way that the financial institutions are doing “business” is making the crooks rich, and then the financial institutions are raising rates to offset losses. A newer way of doing business won’t come about if the “old way” is producing the financial institutions enough revenue to offset any losses. If they are making Billions off interest charges, then in their maind they are proably thinking….why change? Business is good, so they are good with the way its working.

    The way of the CC propaganda process is broke.

  2. Bill Stark says:
    January 14, 2014 at 1:16 pm

    Remember that 70,000,000 records were exfiltrated by hackers of Target. This includes other personal information beyond credit card numbers — personal info which can be used to steal identities. This is bigger than credit card fraud.

  3. Alois Hammer says:
    January 14, 2014 at 2:11 pm

    idRadar:

    Site under maintenance
    What’s on Your ID RADAR?

    idRADAR is Coming Soon!

    1. Dissent says:
      January 14, 2014 at 3:13 pm

      Bad timing for their maintenance. I want a new law that says “If I link to you, you have to be there. Always. And. Forever.” 🙂

  4. rcrsv says:
    January 14, 2014 at 2:32 pm

    When you try to sign up for credit monitoring with Target, their site requires full name and email address.

    Then you receive an email from a sketchy looking domain, bfi0.com.

    A whois of that domain leads back to Epsilon in Irving TX, a direct marketing company.

    Epsilon itself had a massive data breach not too long ago, where they leaked personal information on millions of people who then suffered phishing attacks.

    Target never asked my permission to share my personal information with Epsilon.

    Now Epsilon has a list of people who were compromised in the Target breach. This shit has got to stop!

    If you want more info and screenshots I’m @rcrsv on Twitter.

    1. Dissent says:
      January 14, 2014 at 3:58 pm

      I’ve emailed Target and asked them to respond to the concern. I’ll post something if I get a response.

      1. rcrsv says:
        January 14, 2014 at 4:12 pm

        Here’s a thread where Target replies, but repeatedly doesn’t answer the question.

        https://twitter.com/rcrsv/status/423143048793427968

        1. Dissent says:
          January 14, 2014 at 4:15 pm

          I put the question somewhat differently to their corporate communications department. As I said, if I get a response, I will post it.

    2. Dissent says:
      January 16, 2014 at 12:43 pm

      Please see my blog post about this issue on the “mother ship,” PogoWasRight.org: http://www.pogowasright.org/at-risk-if-you-do-at-risk-if-you-dont-targets-problematic-privacy-policy/

  5. Jeanne Price says:
    January 14, 2014 at 5:39 pm

    Have to agree with all these comments about the idRadar News website being down for maintenance. AND IT WAS MY WEBSITE! It’s back now but I agree, Dissent. Links should work forever. And ‘brief maintenance’ should never drag on for 18 hours either!

    My biggest concern with the Target breach after studying it for over three weeks is what will happen if the hackers can match the stolen credit card numbers initially confirmed with the additional data loss involving info like email addresses announced last Friday. The possibilities are gruesome. The credit card numbers are actually a lesser concern in my mind. Still waiting to hear whether Target’s somewhat small offer of credit monitoring will extend to those who lost email addresses etc. They do not have the same financial loss protections as those who experienced fraudulent credit card charges.

    1. Dissent says:
      January 14, 2014 at 5:50 pm

      My understanding is that yes, it is being offered to the “70 million,” too. Their FAQ on the free credit monitoring offer says:

      Who is eligible for free credit monitoring?
      All Target guests who shopped in U.S. stores can take advantage of one-year of free credit monitoring.

      I’m not thrilled with the diluted credit monitoring they’re offering, though.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.