COLUMBUS — Several financial institutions serving Ohio are contacting their debit-card and credit-card customers who have been affected by the major information breach that recently struck Target.
Most of the banks are monitoring customer accounts for fraudulent activity and telling customers to do the same. However, some banks also are limiting per-day purchases and ATM withdrawals with the cards, or simply reissuing the cards to prevent future fraud.
Meanwhile, the nation’s second-largest discount retailer is facing customer lawsuits after hackers attacked its computers and stole data from 40 million debit and credit cards used at Target stores from Nov. 27 through Dec. 15.
“We’re in touch with our clients via email, social media, our call centers, and our branches” to provide them with information about how the breach could affect them, said KeyBank spokesman Drez Jennings.
Like most financial institutions, KeyBank also is offering information about the breach on its Web site.
Customers have been receiving phone calls and emails from banks and credit unions this week, informing them that their names, debit-card or credit-card numbers, expiration dates, and three-digit security codes might have been exposed, said Emily Smith, a spokesman for JPMorgan Chase & Co.
Bank customers typically are not liable for losses because of fraudulent activity on their credit and debit cards. However, debit cards pose a greater risk because they act like main lines to customer bank accounts and lack the consumer protections afforded by credit cards.
Huntington Bancshares in Columbus, as well as Chase, is taking the most drastic action: replacing debit and prepaid cards affected by the breach.
“We are replacing all cards identified at ... possible risk,” said Huntington spokesman Brent Wilder in an email. “Replacement cards are in the process of being distributed by mail. This process is on schedule for completion by early January.”
Mr. Wilder could not say how many cards would have to be replaced.
On Dec. 21, Chase temporarily limited 2 million customers to ATM withdrawals of $100 per day and purchases of $300 per day with their debit and prepaid cards, called Chase Liquid cards, Ms. Smith said.
“Late in the day, we limited withdrawals at ATMs in the United States to $250 per day and purchases to a total of $1,000 a day,” Ms. Smith said. “We will continue to monitor the accounts and may make adjustments as appropriate.”
Meanwhile, PNC Bank has tightened its fraud monitoring and is urging customers “to monitor their own accounts and to be suspicious of emails and telephone calls asking for personal information or asking to validate card information,” said spokesman Fred Solomon in an email. Banks such as PNC “will never call you to ask for your Social Security number or PIN,” Mr. Solomon said.
Customers need not cancel their cards “unless we alert them to suspicious card activity, or they themselves see unauthorized charges to their accounts,” he said.
Information from Bloomberg News was included in this story.