The cyber-thieves who took credit-card data on 40 million Target customers also got personal information on 70 million shoppers, according to a statement posted to the company’s website this morning.
Target says the hackers took “names, mailing addresses, phone numbers or email addresses” in some unspecified “partial” state.
Target did add what it hopes will sound like good news: It plans to offer shoppers a year of free credit monitoring. It says identity theft insurance will be part of the package “where available” -- without offering details on what that means. No details on how to sign up either -- yet. The company says that will come next week.
The good news here is that the additional information won’t be of much use to thieves, according to identity-theft expert Robert Siciliano. He says the contact information doesn’t unlock anything by itself.
All it does is make it easier for somebody who’s really clever -- and, let’s add, really bold -- to get in touch with victims personally and try to con them into giving up their social security numbers.
“Otherwise, it’s useless to the thief,” he says.
Without the social security number, thieves can’t open up new accounts in a victim’s name, which would be the big worry.
So, do beware of a call like the following:
“Hi, Mr. Weissmann, I’m calling from your bank—Our records show your information was compromised in the Target breach…
[… because now they do also know that about you…]
“And we’re calling to confirm that no one is trying to mis-use your information to steal your identity. Would you please give me your full social security number?”
So, you know, just say no there.
And watch your statements. But you were doing that anyway, right?