The big credit and debit card data breach at Target in the United States is catching some Canadians in its web and some are wondering if their personal information has been compromised.

Consumer Specialist Lea Williams-Doherty says it appears there are in fact, two levels of data theft at Target in the States:

  1. Those people who used credit or debit cards at U.S. Target stores from November 27 to December 15 may have had their card information stolen.
  2. The thieves may have also stolen customer information like names, street and email addresses.

Heather Wilkey did not shop at a U.S. Target on the dates that the store says thieves stole credit and debit card information from its system but she did receive an email from Target stating that the hackers may have stolen her personal information.

The data theft included things like her name, phone number and email address but the weird thing is, she is not even sure how Target got her email address.

"That's the big question I have, how did you get that information on me to contact me and what other information do you have?  Do you have my banking information, my credit card information my address?" said Wilkey.

Wilkey called the 800-number on Target's email.

The customer service representative told her that anyone who has ever given Target their email address, for things like online shopping or gift registry, also received the email as a warning.

"When they got into the system they took emails, addresses, phone numbers, things you may have given us over time, even if it was years ago," said the rep.

Wilke says her daughter did use her email address to create a Target "wish list" several years ago and she wanted to make sure the thieves did not access her credit card information from when she shopped in a Montana Target in years past.

The rep's answer was less than reassuring.

"If a credit card was swiped outside of the time frame, say last September, is it in danger? “ asked Wilke.

“Well the system is what got broken into so they're not quite sure, that's why they're investigating," said the rep.

Lea called and emailed Target several times on Wednesday for clarification.

The company’s media spokesperson confirmed that the personal information at risk would have only been obtained when customers provided it directly to Target in the normal course of business.

So does that mean if you ever gave Target your personal information it may have been stolen by the hackers?

Lea says that is possible and tried to confirm how long Target holds on to that information and whether the whole data base was stolen.

She also tried to confirm whether it was only those customers who had their credit card information stolen that also had their personal information taken as well and was not able to get an answer from the company.

So, if you shopped at a U.S. Target with your credit or debit card at any time, are you at risk, like the rep on the phone seemed to say?

Lea says that’s the big question and that she couldn’t get an answer on Wednesday as the customer service rep is the only person she heard from on the issue.

Target's official position on its website is that Canadian Targets were totally unaffected, that the breach only occurred in the U.S. on those specific dates, and that the data "leak" that went through was plugged as of December 15.

(With files from Lea Williams-Doherty)