Hackers got access to 130 million credit and debit card accounts, federal prosecutors allege.
But the account that matters most is yours, right?
Here's a consumer guide to the info breach.
* Does the law require a company to inform me if my card was possibly accessed?
Normally, yes. California's privacy law forces businesses to notify state residents whose information might have been breached.
But it has limits: If the number of people to contact exceeds 500,000, or if notification costs exceed $250,000, companies are not required to directly contact all potential victims.
They are, however, required to do three things:
Send an e-mail notice to account holders.
Post a conspicuous notice of the breach on their websites.
Notify statewide media.
* If the hackers got access only to my card numbers, could they use them to open additional accounts?
The good news is, probably not.
"We are not talking about Social Security numbers," said Joanne McNabb, chief of the California Office of Privacy Protection.
Identity thieves usually need Social Security numbers to apply for loans or obtain cards in your name.
* If hackers get just my credit card numbers, how much damage can they do?
A lot, but the law limits cardholder liability to $50 in false charges.
* How about if they get a debit card number?
Then the consumer protection is not as good.
If a statement contains an unauthorized transaction and you don't report it within 60 days of the statement's postmark, you can be held responsible for all losses after that period.
* What's the best advice, whether or not your card was possibly breached?
"Check your statement as soon as you get it," McNabb said. Or even more often if you manage your account online.
"If you see some charge you don't recognize," she said, "no matter how small, call your bank and ask about it."