The Target data breach has reached West Hawaii.
Numerous Hawaii Community Federal Credit Union members learned of the breach when they pulled out their credit union-issued Visa debit and credit cards while shopping and dining during the days leading up to the Christmas holiday and it was returned “not authorized.” Some found out when they were unable to withdraw cash from one of the credit union’s automatic teller machines.
Two thousand — or about 5 percent — of the financial institution’s 42,000 members were affected by the recent Target data breach prompting the credit union to close their Visa debit or credit cards “for safety” between Saturday and Tuesday, Tricia Buskirk, vice president of Corporate Development and Marketing, told West Hawaii Today on Thursday. No unauthorized transactions have been found by the credit union, which is actively monitoring the affected accounts.
Buskirk said the credit union received notification from Visa on Saturday with a list of 2,000 members whose accounts were affected by the data breach, which Target acknowledged publicly on Dec. 19. She said the information was first provided by Target to Visa and then from Visa to the credit union.
The majority of members affected by the Target data breach used their Visa debit card to make purchases at the store between Nov. 27 and Dec. 15, she said. ATM cards were not affected; Visa credit cards were.
Out of an abundance of caution, Buskirk said the credit union opted to close down the affected cards without being able to notify many of the cardholders beforehand. That decision came after officials realized it was taking too long to call each member and notify them of the situation. A notice was posted on the bottom of the institution’s website on Saturday, but it did not directly say HCFCU members had been affected.
“It didn’t say we were shutting down (cards),” Buskirk said. “We don’t want to create mass panic.”
Buskirk apologized on behalf of the credit union for any inconvenience the decision to close cards may have caused members, noting it occurred at “just a real bad time of year.” She said the credit union has been fielding numerous calls and visits from concerned, and sometimes upset, members. At least a dozen were in line at the credit union’s Kaloko branch Thursday seeking replacement cards.
“We felt it prudent to block the cards,” she said, noting that with the actions taken the credit union feels its members are safe from fraud. “We know it was an inconvenience to members, but we didn’t want them to be without (their) cash.
Employees worked around-the-clock Saturday through Tuesday shutting down the affected cards, which had to be done one-by-one, she said. Letters, which stated the credit union had identified members’ cards “at risk for unauthorized charges” and what actions were being taken and suggested by the credit union, were mailed to those affected on Monday and Tuesday.
“They burned the midnight oil just monitoring our members’ accounts,” she said about the credit union staff. “They were on it.”
Buskirk said the credit union constantly monitors members’ accounts for fraudulent activity and will continue to do so. That’s in addition to the monitoring done by the vendor, Visa. As an example of the monitoring provided, she said the credit union could block a card from being used when a person traveling attempts to make purchases outside their usual usage area.
If there are unauthorized charges, which according to the credit union have not happened, related to the incident, members will not be liable, she said.
“If there are any disputes, we will help members through that,” said Buskirk noting Visa’s Zero Liability policy.
Target reported Dec. 19 that computer hackers obtained credit and debit card information from purchases made at company stores between Nov. 27 and Dec. 15. The breach may have included unauthorized access to payment card data, including customer names, credit or debit card numbers, the card’s expiration date and the card verification value, the three-digit security code located on the back of the card.
It’s estimated that data connected to approximately 40 million credit and debit card accounts may be have been stolen. The breach involved transactions at Target stores when the cards were swiped. Target reports that it did not involve those making online purchases.
West Hawaii Today was unable to reach Kailua-Kona Target Store Manager Roger Thomas. His voice mail box was also full and not able to accept new messages as of Thursday afternoon.
Target Corp., in a prepared statement released Tuesday, said it hosted a call for attorneys general around the country to discuss the breach. A follow-up call is planned Jan. 6. On Dec. 20, it reported very few reports of actual fraud.
The state Department of Commerce and Consumers Affairs’ Office of Consumer Protection is “eagerly anticipating” a report required by state law from Target about the scope of the security breach, Brent Suyama, the department’s spokesman, said Thursday. The office is the primary agency responsible for reviewing, investigating and prosecuting allegations of unfair or deceptive trade practices in consumer transactions.
He said the department had not received information about the data breach affecting Hawaii residents when contacted by West Hawaii Today on Thursday about the 2,000 members affected at HCFCU.
Businesses are required by Hawaii law to notify customers of any security breach involving personal information in any form following discovery of the breach. Hawaii law also requires businesses to notify the Office of Consumer Protection about the breach without unreasonable delay, as well as share information on the timing, distribution and content of the notices sent by the business to affected persons, according to a prepared statement released by the department following the Target data breach.
While the closing down of the cards may have created some headache for members, the credit union is able to provide free replacement debit cards instantly at its Kohala, Honokaa Kaloko, Kailua-Kona and Kealakekua branches, Buskirk said, adding the credit union has plenty of cards on-hand to reissue cards to all affected members. Each branch has designated one line to handle members needing replacement debit cards only.
Affected members, who should have received a letter, can go to any branch for a replacement card by noon Dec. 31. Beginning Jan. 2, all remaining affected cards will be automatically reissued and should arrive in the mail within seven to 10 days. Credit cards have to be mailed to the cardholder, she said.
Dennis Tanimoto, president of the Hawaii Credit Union League, a nonprofit trade association representing credit unions in Hawaii and Guam, said the league has received no reports from its members about credit union accounts affected by the Target data breach in Hawaii. However, that doesn’t mean everyone is safe, he added.
Tanimoto urged all people to not only check their monthly statements but also to use financial institutions’ online banking tools to check their balance between statements. He said the league is also urging people using debit cards to not keep a large amount of money in checking accounts so that if a person does gain access, they would be unable to take a large amount.
“Don’t take it for granted that it’s going to happen immediately,” he said. “Because it could happen years from now.”
Attempts to reach other credit unions and banks regarding affected members at those financial institutions were unsuccessful as of press time on Thursday.
Hawaii Community Federal Credit Union members with concerns or questions can contact a member services representative at 930-7700 or 800-514-2328 or by visiting any of the credit union’s five branches.
Target cardholders with concerns should contact Target directly at 866-852-8680 or visit the company’s website at target.com. Customers who used a non-Target or HCFCU credit or debit card at a Target store during the Nov. 27 to Dec. 15 time frame should contact the issuing financial institution by calling the number on the back of their card.