Thousands of people in the Charlotte area are receiving new debit cards as news of a massive data breach at Target Corp. continues to unfold.
The retailer first disclosed in December that hackers had gained access to the debit and credit card information of approximately 40 million customers who shopped at Target in about a 2 1/2-week period that included Black Friday.
An estimated 1.2 million North Carolinians were affected, according to the North Carolina attorney general’s office. Target has since said as many as 70 million more customers may have had their names, mailing addresses, phone numbers or email addresses stolen.
At least five financial institutions with a major presence in the Charlotte area have begun issuing new debit cards to customers who shopped at Target between Nov. 27 and Dec. 15, when the breach was reported to take place.
Others – including Charlotte-based Bank of America and Wells Fargo – have said they are actively monitoring customer accounts for evidence of fraudulent activity. Target is offering a year of free credit monitoring, but customers need to sign up for the service.
“This was one of the most widespread (breaches) that I can remember in my history,” Yadkin Bank chief operating officer Mark DeMarcus told the Observer on Monday. “We have taken a very proactive stance.”
Though none of the bank’s customers have reported suspicious charges on their cards, DeMarcus said Yadkin Bank is preemptively sending 1,400 debit cards to customers who shopped at Target during the affected time period.
The bank began sending letters and calling the affected customers in the first week in January.
All new debit cards should be in their hands this month.
BB&T, SunTrust, Fifth Third and Sharonview Federal Credit Union have also begun reissuing debit cards to customers potentially affected. Specific numbers were not disclosed.
Several large banks have taken a measured approach in the weeks since the breach was first revealed. Instead of announcing they would immediately replace millions of debit cards, they have told customers they would watch accounts for suspicious activity.
• In a message posted online, Bank of America told customers they can continue to use their debit cards normally.
“If we believe the account is at risk for fraud, we will notify you and reissue the card,” the bank said.
• Wells Fargo said in a statement that it continually monitors customers accounts.
“If we believe the security of a debit or credit card is at risk, Wells Fargo will take action to safeguard our customers’ accounts,” the bank said.
• PNC Bank is not reissuing cards until fraudulent activity is detected, spokeswoman Marcey Zwiebel said. She said the bank has “robust fraud monitoring” and encouraged customers to keep an eye on their accounts.
At all three banks, customers are not held liable for fraudulent activity on their cards and would get their money back.
For the moment, banks are having to bear the costs of reissuing the debit cards, N.C. Bankers Association Senior Vice President Nathan Batts said. Banks may ultimately try to sue Target to recoup their money, Batts said, and the state banking association would evaluate whether to help them do so.
DeMarcus, the Yadkin Bank executive, declined to say exactly how much his bank has spent to reissue cards.
“It’s not immaterial, I would put it that way,” DeMarcus said.
“This is tens of thousands of dollars.”
He said Yadkin Bank has also invested in beefing up technology that protects debit card transactions.
Banks have been focusing heavily on debit cards in the wake of the Target breach because those charges take money directly out of a customer’s bank account.
Credit cards generally have more protections, and issuers can flag suspicious activity and close down a card before money changes hands.
Local lawmakers may also soon dive into the breaches from Washington, D.C. Democratic members of the House Financial Services Committee want the panel to investigate the breach, Reuters reported.
U.S. Rep. Robert Pittenger, a Republican whose district includes parts of Mecklenburg County, said Monday the response of banks to the breaches has been “prudent.”
He said the first order of business is determining what caused the breaches. Pittenger said he plans this week to discuss the breaches with Rep. Jeb Hensarling, R-Texas, chairman of the House Financial Services Committee.
“I’ll ask him his reaction and what role we should be playing, if any,” Pittenger said.
“It may not be our committee’s role. It depends on the initial findings, and what the FBI has to say and others.”
Staff writer Deon Roberts contributed.