FAQ: Target Stores Debit Card Compromise

How do I know if this impacts me?

If you shopped in a Target store between November 27, 2013 and December 15, 2013, you should check your account for any suspicious or unusual activity. If you see something that appears fraudulent, contact us right away at (800) 773-5640,after-hours at (800) 500-1044 or by visiting your local branch. REDcard holders should contact Target.

Online purchases from Target.com were NOT affected. The data breach impacted credit and debit card purchases in Target stores only.

What is Heritage Oaks Bank doing in response to this event?

Heritage Oaks Bank is reviewing reports received from its card provider and once specific card numbers have been identified as being exposed as a part of this breach, we will block those cards for protection of our clients. We will contact you via letter if your card is involved. That letter will include information on the issuance of a new card.

Once you block my card, can I continue to use it at locations other than Target?

No, the card block will prevent you from being able to use your card for any type of transaction activity, including recurring monthly charges you may have set-up. Once your card has been confirmed to be blocked, we recommend that you be sure to contact any merchants you have set up to automatically debit your debit card (health clubs, cellular phone, internet service providers, etc.) as soon as possible to avoid any disruption in service.

If issued a new card, will it be or can I keep the same card number?

No, the card number must be changed as it was compromised as a part of this event.

What if I only used my Target REDcard and not my Heritage Oaks Bank Debit card, will my Heritage Oaks Bank debit card still be blocked?

No, if you did not use your Heritage Oaks Bank Debit card between November 27, 2013 and December 15, 2013 at a Target store, your card will not be blocked. We strongly recommend that you contact Target to have your Target REDcard blocked.

What if I find I have fraudulent transactions on my account from my Target REDcard?

You will need to contact Target to dispute transactions coming from your Target REDcard.

What if I see transactions posting to my account that are fraudulent and not from my Target REDcard?

If you identify fraudulent activity on your account, please report it to us immediately at: (800) 773-5640, after-hours at (800) 500-1044 or by visiting your local branch.

Additional Options for Reporting Fraudulent Activity:

An additional option for reporting any suspicious or unusual activity on your accounts is to contact the Federal Trade Commission (“FTC”) or law enforcement to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s Web site, at www.consumer.gov/idtheft, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

You may also periodically obtain credit reports from each nationwide credit reporting agency. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. In addition, under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling (877) 322-8228. You may contact the nationwide credit reporting agencies at:

Equifax
(800) 525-6285
P.O. Box 740241
Atlanta, GA 30374-0241
www.equifax.com

Experian
(888) 397-3742
P.O. Box 9532 Allen, TX 75013
www.experian.com

TransUnion
(800) 680-7289
Fraud Victim Assistance Division
P.O. Box 6790
Fullerton, CA 92834-6790
www.transunion.com

 In addition, you may obtain information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file. In addition, you can contact the nationwide credit reporting agencies regarding if and how you may place a security freeze on your credit report to prohibit a credit reporting agency from releasing information from your credit report without your prior written authorization.

The credit reporting agencies have three (3) business days after receiving your request to place a security freeze on your credit report. The credit reporting agencies must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both that can be used by you to authorize the removal or lifting of the security freeze.

To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a written request to the credit reporting agencies by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have three (3) business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time

To remove the security freeze, you must send a written request to each of the three credit reporting agencies by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze. The credit reporting agencies have three (3) business days after receiving your request to remove the security freeze.