It seems that every week we hear that another big retailer, service provider or similar organization has suffered a data breach, putting customers’ personal and financial information at risk. There are lessons that you can learn from these incidents.
- There’s no such thing as a completely safe transaction or a completely safe website or a completely safe database.
Even companies that do everything possible to secure their customers’ information may discover that someone has stolen that data from them. In the case of Target, authorities have traced the theft back to a data breach at a heating and refrigeration company that did some work for the retailer. Hackers used that back door to get into the Target system.
When companies discover and patch a security hole, hackers immediately look for another way to get in, and they’re likely to find one. Both brick and mortar stores and online merchants are vulnerable to such attacks.
And don’t think it’s only retailers who may inadvertently let your information leak. The University of Maryland recently reported that cyber thieves got into its database and stole the names, dates of birth and Social Security and University identification numbers of more than 309,000 people—all the faculty, staff and students who were in possession of a University ID anytime between 1998 and the present. Those thieves have all the information they need to apply for a credit card in their victims’ names.
- You need to remain vigilant.
No one is more interested in protecting your financial data than you. So the real responsibility for monitoring your credit card and bank accounts ultimately falls on your own shoulders.
Be proactive. Get in the habit of checking your credit card accounts and your bank accounts at least once a week. If you see any purchases or transactions that you don’t recognize, contact the customer service representatives at your credit card company or bank immediately. (Don’t worry if you’ve simply forgotten that you made a purchase. That happens all the time, and if you have any doubts it’s better to question a transaction than let it slip by unchallenged.)
- It’s good to have credit monitoring, but that service can’t prevent identity theft.
Target and the University of Maryland are both offering those affected by the data breaches a credit monitoring service for a year. That’s great as far as it goes. A credit monitoring service will provide you with a free copy of your credit report so that you can check for incorrect information. It will also notify you of any changes to your credit record, like a new account opened in your name or a change in your contact information.
The problem is you get notified after the fact. Credit monitoring doesn’t prevent a thief from applying for (and possibly getting) an account in your name. It just gives you the opportunity to act a little more quickly than you might have without the service. That’s another reason that you’re the one who has to be vigilant.
- The problem doesn’t go away in a year or two.
Hackers sell the stolen personal and financial data to sites that in turn resell them to thieves. The thieves may not use that stolen information for a few years as they wait for the initial uproar surrounding the theft to die down. So you might find that the theft that took place in 2013 is affecting your credit card score into 2015 and beyond.
To be on the safe side, ask your bank to cancel your old credit card and issue you a new one with a different number.
- You need to know what steps to take if your financial information is compromised.
If you discover data thieves are trying to use stolen information about you:
- Call your bank or credit card issuer immediately. The longer you wait, the more financial liability you could have (especially with debit cards).
- Create an identity theft report with the FTC and file a police report.
- Place a fraud alert on your account with one of the three major credit bureaus. (That bureau will pass the word to the other two.)
- Get free copies of your credit report to see if there is any incorrect information about you on it or if any new accounts have been opened without your knowledge.