Yesterday, retail megachain Target issued a statement warning its customers that someone had gained “unauthorized access to Target payment card data” over the period of November 27 to December 15 of this year—prime time for holiday shopping. A forensic firm is investigating the incident, but the company estimates that some 40 million people could now be at risk for fraud. 

Here’s what to do now:

1) Figure out whether you might be among those affected. If you shopped at a Target location in the time frame mentioned above—specifically in the United States—you can assume that your name, credit or debit card number, card expiration date, CVV security code, and PIN (anything the thieves could have pulled off the card’s magnetic stripe) is vulnerable.

2) Call one of the three nationwide credit reporting agencies (there’s Equifax, Experian, and TransUnion), both to find out your current standing and to set up a fraud alert. This will make it more difficult for someone to use your data to create a counterfeit card, though it may also slow down the process of applying for credit yourself.

3) Check your bank and credit card statements for any suspicious activity, and take a close look: the hackers may charge items in your locality so as to evade detection and avoid throwing up any red flags. Even a small transaction could be evidence that fraudsters are testing the account for later use. Report any indication of a breach to the financial institution and the attempted identity theft to the Federal Trade Commission, via phone or their website.

4) When it looks as though your identity has been stolen, cancel and replace your card and switch to a new PIN. After that, you may want to consider seeking a security freeze through the FTC or one of three credit reporting agencies, which will “prohibit a credit reporting agency from releasing information from your credit report without your prior written authorization,” per Target.    

5) Contact Target if you have any unanswered questions. Target is obviously embarrassed by the scope and sophistication of this attack, and it remains unclear just how it was perpetrated on such a grand scale, so new details are sure to emerge in the days ahead. The company has set up a hotline to assist you in protecting your data—give them a ring at 1-866-852-8680.

Other than that, try to keep a cool head. And maybe stick to cash for a while. Or Walmart.

Photo by largeprime/Flickr