Did you get an email from Target apologizing for the recent hack and offering free credit monitoring yesterday that felt kind of, well, iffy? Many of our readers and others elsewhere on the Internet have pointed to the mass email as sketchy, due in part to pall cast by the retailer’s security breach over the holidays. And then there’s the fact that many people never shop at Target. Not in stores, and not online. Not ever. So how did they get those email addresses?
The email from the address “TargetNews@target.bfi0.com” set some of our readers on edge, especially those who don’t do business with the retailer.
For example, there’s Mike. He writes that he saw people were talking on forums about receiving emails from Target.com about the security breach, and was surprised when he received one as well.
“I have never done business with Target, I don’t have an account on Target.com and have never been in a Target store,” Mike explains.
Brian was in the same boat of suspicion, telling Consumerist: “Just received this email that claims to be from Target. What’s strange, though, is that Target does not have this email address for me.”
The good news first: A Target spokeswoman has confirmed to Consumerist that the email is “an official communication,” despite it seeming like the perfect chance for hackers to strike yet again. So, whew.
But when we asked where Target obtained email addresses for people who are not now and have never been customers of the retailer, the spokeswoman simply said, “The information was obtained by Target through the normal course of our business.”
Consumerist reader Erica points to discussions on Twitter and elsewhere, wondering if perhaps the email addresses were from Amazon, a remnant from the old Amazon-Target partnership.
Another of our observant readers Mike S. says the Amazon connection could be valid. He explains: “I own my own domain name, and I always create a new unique email address for each web business that I deal with. I received the Target email at a unique email address that I created for use on Amazon.com (that’s an email address that I only gave to Amazon.) So, Target must have gotten my email address from Amazon.”
That could be the normal course of business, perhaps? But it’s very unclear.
We asked Target’s spokeswoman to clarify what the “normal course” of their business is, and have yet to receive a response.
For the time being, rest assured that the email is at least not a phishing attempt. But in the future, Target? You might not want to make your emails so… hacky, especially right after a big, widely publicized hack attack you’re trying to recover from.
The sketchy email in its entirety below: