Breach hits home

Subscribe Now Choose a package that suits your preferences.
Start Free Account Get access to 7 premium stories every month for FREE!
Already a Subscriber? Current print subscriber? Activate your complimentary Digital account.

The Target data breach has reached the Big Island.

The Target data breach has reached the Big Island.

Numerous Hawaii Community Federal Credit Union members learned of the breach when they pulled out their credit union-issued Visa debit and credit cards while shopping and dining during the days leading up the Christmas holiday and it was returned “not authorized” or they were unable to get cash from one of the bank’s automatic teller machines.

Two-thousand — or about 5 percent — of the financial institution’s 42,000 members were affected by the recent Target data breach prompting the bank to close their Visa debit or credit cards “for safety” between Saturday and Tuesday, Tricia Buskirk, vice president of Corporate Development and Marketing, told Stephens Media Hawaii on Thursday. No unauthorized transactions have been found by the bank, which is actively monitoring the affected accounts.

Buskirk said the bank received notification from Visa on Saturday with a list of 2,000 members whose accounts were affected by the data breach, which Target acknowledged publicly Dec. 19. She said the information was first provided by Target to Visa and then from Visa to the credit union.

The majority of members affected by the Target data breach used their Visa debit cards to make purchases at the store between Nov. 27 and Dec. 15, she said. ATM cards were not affected; Visa credit cards were.

Out of an abundance of precaution, Buskirk said the credit union opted to close down the affected cards without being able to notify many of the cardholders beforehand. That decision came after officials realized it was taking too long to call each member and notify them of the situation. A notice was posted on the bottom of the institution’s website Saturday, but it did not directly say some HCFCU members were affected.

“It didn’t say we were shutting down (cards),” Buskirk said. “We don’t want to create mass panic.”

Buskirk apologized on behalf of the credit union for any inconvenience the decision to close cards might have caused members, noting it occurred at “just a real bad time of year.” She said the credit union has been fielding numerous calls and visits from concerned, and sometimes upset, members. At least a dozen were in line at the credit union’s Kaloko branch Thursday seeking replacement cards.

“We felt it prudent to block the cards,” she said, noting with the actions taken the credit union thinks the members are safe from fraud. “We know it was an inconvenience to members, but we didn’t want them to be without (their) cash.”

Employees worked around-the-clock Saturday through Tuesday shutting down the affected cards, which had to be done one by one, she said. Letters, which stated the bank identified the member’s Visa debit/credit card “at risk for unauthorized charges” and what actions were being taken and suggested by the credit union, were mailed Monday and Tuesday to those affected.

“They burned the midnight oil just monitoring our members accounts,” she said about the credit union staff. “They were on it.”

Buskirk said the credit union constantly monitors members’ accounts for fraudulent activity and will continue to do so. That’s in addition to the monitoring done by the vendor, Visa. As an example of the monitoring provided, she said the credit union could block a card from being used when a person traveling attempts to make purchases outside their usual usage area.

If there are unauthorized charges, which according to the credit union has not happened, related to the incident, members will not be liable, she said.

“If there are any disputes, we will help members through that,” said Buskirk, noting Visa’s Zero Liability policy.

Target reported Dec. 19 computer hackers obtained credit and debit card information from purchases made at company stores between Nov. 27-Dec. 15. The breach might have included unauthorized access to payment card data, including customer names, credit or debit card numbers, the card’s expiration date and the card verification value, the three-digit security code located on the back of the card.

It’s estimated data connected to approximately 40 million credit and debit card accounts might be have been stolen. The breach involved transactions at Target stores when the cards were swiped. Target reported it did not involve those making online purchases.

Stephens Media Hawaii was unable to reach Kona Target Store Manager Roger Thomas. His voicemail box was also full and not able to accept new messages as of Thursday afternoon.

Target Corp., in a prepared statement released Tuesday, said it hosted a call for attorneys general around the country to discuss the breach. A follow-up call is planned Jan. 6. On Dec. 20, it reported very few reports of actual fraud.

The state Department of Commerce and Consumers Affairs’ Office of Consumer Protection is “eagerly anticipating” a report required by state law from Target about the scope of the security breach, Brent Suyama, the department’s spokesman, said Thursday. The office is the primary agency responsible for reviewing, investigating and prosecuting allegations of unfair or deceptive trade practices in consumer transactions.

He said the department had not received information about the data breach affecting Hawaii residents when contacted by Stephens Media Hawaii on Thursday about the 2,000 members affected at HCFCU.

Businesses are required by Hawaii law to notify customers of any security breach involving personal information in any form following discovery of the breach.

Hawaii law also requires businesses to notify the Office of Consumer Protection about the breach without unreasonable delay, as well as information on the timing, distribution and content of the notices sent by the business to affected persons, according to a prepared statement released by the department following the Target data breach.

While the closing down of the cards might have created some headaches for members, the credit union is able to provide free replacement debit cards instantly at its Kohala, Honokaa Kaloko, Kailua-Kona and Kealakekua branches, Buskirk said, adding the credit union has plenty of cards on hand to reissue cards to all affected members.

Each branch designated one line to handle members needing replacement debit cards only.

Affected members, who should have received a letter, can go to any branch for a replacement card by noon Tuesday. Beginning Jan. 2, all remaining affected cards will be automatically reissued and should arrive in the mail within seven to 10 days. Credit cards have to be mailed to the cardholder, she said.

Dennis Tanimoto, president of the Hawaii Credit Union League, a nonprofit trade association representing credit unions in Hawaii and Guam, said the league received no reports from its members about credit union accounts affected by the Target data breach in Hawaii. However, that doesn’t mean everyone is safe, he added.

Tanimoto urged all people to not only check their monthly statements but also to use financial institutions’ online banking tools to check their balance between statements.

He said the league is also urging people using debit cards to not keep a large amount of money in checking accounts so if a person does gain access, they would be unable to take a large amount.

“Don’t take it for granted that it’s going to happen immediately,” he said. “Because it could happen years from now.”

Attempts to reach other banks and credit unions regarding affected members at those financial institutions were unsuccessful as of press time Thursday.

Hawaii Community Federal Credit Union members with concerns or questions can contact a member services representative at 930-7700 or 800-514-2328 or by visiting any of the credit union’s five branches.

Target cardholders with concerns should contact Target directly at 866-852-8680 or visit the company’s website at target.com. Customers who used a non-Target or HCFCU credit or debit card at a Target store during the Nov. 27-Dec. 15 timeframe should contact the issuing bank by calling the number on the back of their card.

Email Chelsea Jensen at cjensen@westhawaiitoday.com.