Non-Target Customers Wondering How Target Got Contact Info To Send Email About Hack

But what if I'm not a Target guest?

But what if I’m not a Target guest?

Did you get an email from Target apologizing for the recent hack and offering free credit monitoring yesterday that felt kind of, well, iffy? Many of our readers and others elsewhere on the Internet have pointed to the mass email as sketchy, due in part to pall cast by the retailer’s security breach over the holidays. And then there’s the fact that many people never shop at Target. Not in stores, and not online. Not ever. So how did they get those email addresses?

The email from the address “TargetNews@target.bfi0.com” set some of our readers on edge, especially those who don’t do business with the retailer.

For example, there’s Mike. He writes that he saw people were talking on forums about receiving emails from Target.com about the security breach, and was surprised when he received one as well.

“I have never done business with Target, I don’t have an account on Target.com and have never been in a Target store,” Mike explains.

Brian was in the same boat of suspicion, telling Consumerist: “Just received this email that claims to be from Target. What’s strange, though, is that Target does not have this email address for me.”

The good news first: A Target spokeswoman has confirmed to Consumerist that the email is “an official communication,” despite it seeming like the perfect chance for hackers to strike yet again. So, whew.

But when we asked where Target obtained email addresses for people who are not now and have never been customers of the retailer, the spokeswoman simply said, “The information was obtained by Target through the normal course of our business.”

Consumerist reader Erica points to discussions on Twitter and elsewhere, wondering if perhaps the email addresses were from Amazon, a remnant from the old Amazon-Target partnership.

Another of our observant readers Mike S. says the Amazon connection could be valid. He explains: “I own my own domain name, and I always create a new unique email address for each web business that I deal with.  I received the Target email at a unique email address that I created for use on Amazon.com (that’s an email address that I only gave to Amazon.) So, Target must have gotten my email address from Amazon.”

That could be the normal course of business, perhaps? But it’s very unclear.

We asked Target’s spokeswoman to clarify what the “normal course” of their business is, and have yet to receive a response.

For the time being, rest assured that the email is at least not a phishing attempt. But in the future, Target? You might not want to make your emails so… hacky, especially right after a big, widely publicized hack attack you’re trying to recover from.

The sketchy email in its entirety below:

(click to enlarge)

(click to enlarge)

Read Comments6

Edit Your Comment

  1. CharlesWinthrop says:

    Highly unlikely, since the address I received that email through has never been used with Amazon either.

  2. TianaS says:

    That is the email I use with Amazon, so … maybe? Still seems strange to me though, since I haven’t shopped at Target in years. I, too, worried about another attack of some sort, but all of the links seemed to be actual links to Target (not something that just had Target in the URL somewhere).

  3. NorthernPike says:

    In the article you wrote “Another of our observant readers Mike S. says the Amazon connection could be valid. He explains: “I own my own domain name, and I always create a new unique email address for each web business that I deal with. I received the Target email at a unique email address that I created for use on Amazon.com (that’s an email address that I only gave to Amazon.) So, Target must have gotten my email address from Amazon.”

    I’m also a Mike S. and am in a similar situation. I have a unique email address set up for Target. I have not bought anything from Target since the original Wii came out so that was sometime in 2007. Target had previously ticked us off so much the only reason I went was because they had the Wii. They offered 10% off for signing up for their card so I went for it.

    The hackers definitely got deep into their system. It was definitely not just the point of sale terminals.

  4. SingleMaltGeek says:

    I do the same thing as Mike S. and NorthernPike, but I got the Target notice at Target@[myvanitydomain].

  5. Saber says:

    I tried it since everything was on the up and up.
    …the code they sent me didn’t work. XD

  6. FusioptimaSX says:

    I was wondering how the heck they got my email address. I shop there occasionally, but never online. I have an Amazon account, but haven’t logged in in years. It seems suspicious that they were able to infiltrate so many people. I was wondering who or where they bought my email address information from. But if there isn’t an Amazon connection, this needs some explaining. I however only received this from the address that I have an Amazon account with, not any other email accounts.