It seems like every week there’s news of another company being hacked, with customers’ personal data being stolen. Consumers can take steps to avoid becoming a victim, and if it’s already too late, you can take action to prevent further harm.
It seems like every week there’s news of another company being hacked, with customers’ personal data being stolen. Most recently, the U.S. Office of Professional Management announced that millions of federal employees had their personal identification information compromised. (For other large data breaches, see the sidebar.) AARP reports that 41 percent of Americans say they received news that they were victims of a security breach in the past year. However, only a small percentage of this group became victims of fraud, according to a report from Javelin Strategy & Research.
If someone steals your credit card information, they could use your name, address, email address, Social Security number, driver’s license number and/or financial, credit or debit card data to set up other accounts in your name. Even if you’re not hurt financially, such breaches can cause frustration, as reported by these two victims of a security breach (from the Federal Trade Consumer website):
My banking info was stolen during a data breach recently. A duplicate fraudulent card was made and used for over $1700 worth of purchase attempts. Luckily the bank froze the card, but not until almost $800 of charges went through. The bank NEVER notified me that this had happened. . . . Now my account is overdrawn, I have to jump through hoops to get my $$ back (including a payroll deposit that I couldn't stop).
| Worst Data Breaches This list of electronic attacks from the past few years provides a sense of the scope of the problem (from Tom’s Guide): Target Stores, 2013: Scammers infected the retail giant’s payment-card readers, stealing 40 million credit and debit card numbers, full names, addresses, email addresses and telephone numbers. Sony online entertainment services, 2011: Hackers targeted the PlayStation Network Sony Online Entertainment and the Qriocity video- and music-streaming service. Thieves stole the login credentials, names, addresses, phone numbers and email addresses of 77 million users. In 2014, a criminal group released internal Sony Pictures Entertainment data on file-sharing sites. Leaked information included actors’ and executives’ Social Security numbers and scanned passports, internal passwords, unpublished scripts, marketing plans, financial and legal information and even four unreleased Sony movies. At risk of identity theft were the company's 6,800 employees, plus an estimated 40,000 other individuals whom the company had paid over previous years. Anthem, 2015: Hackers stole the names, addresses, birthdates, Social Security numbers and employment histories of 80 million current and former customers from the second-largest health insurer in the United States. Epsilon, 2011: Scammers swiped the Texas-based marketing firm’s databases, encompassing at least 60 million records of more than 2,500 clients worldwide. Clients included more than a dozen major retailers, banks, hotels and other companies such as Best Buy, JPMorgan Chase, Capital One Bank and Verizon. Home Depot, 2014: Malware infected the retail giant’s U.S. and Canadian systems, stealing 56 million customer credit and debit card numbers. Living Social, 2013: Thieves took more than 50 million worldwide customers’ names, email addresses, birthdates and encrypted passwords from this partly Amazon-owned website that offers daily deals. TJX Companies, 2006-2007: Hackers stole at least 45.6 million credit and debit card numbers over an 18-month period, but some estimates put the number closer to 90 million. TJX is the parent company of several major retail brands, including Marshalls, T.J. Maxx and HomeGoods. |
And another:
Since 5/8/14 at 4 pm I have received more than 80 calls stating I applied for a loan online and they have the last 4 digits of my soc. sec., and the last caller even had a bank acct no. This info could have only come from a major retailer or a credit card company.
Your personal information could be stolen mainly through hacking, malware or spyware. Hacking means someone breaks into a secure network in order to destroy, modify or steal data. Malware (short for malicious software) is used to disrupt computer operation, gather sensitive information or gain access to private computer systems. And spyware is software that tries to gather information about a person or organization without their knowledge and that may send the information to another entity without the consumer's consent; it takes control over a computer without the consumer's knowledge.
Generally speaking, your liability is limited to $50 for unauthorized purchases made with your debit or ATM card. However, under federal law, if you don't report illegal transactions within 60 days, you may be held responsible for the entire amount.
Although hearing such stories might tempt you to shred your credit and debit cards and only use cash, a cash-only system would be nearly impossible to maintain in today’s technology-driven culture. For example, imagine shopping online or scheduling a flight reservation without a credit card.
However, there are ways to protect yourself:
While Shopping . . .
When making a purchase online, you can use PayPal or Apple Pay, services that access your funds through the PayPal account, a credit card or your bank account. Because PayPal stores your credit card information and does not share it with the retailer, scammers cannot access the information if they breach the retailer’s records.
If you’re using your debit card to make a purchase at a brick-and-mortar store, choose to process the card as credit rather than debit. You won’t need to provide your PIN number, which a hacker can use to steal money from an ATM.
A recent trend toward “chip” cards should make your transaction safer. Credit card companies are replacing old cards, which listed your credit card number, with chip cards, which only give a “transaction code” to the retailer, making it more difficult to be stolen.
Right After the Incident . . .
If you’ve been hacked, change your password and make it as complex as possible (rather than 1234 or your name). Many people keep the same password for several websites. It’s a good idea to change it for each site, so the data thief can’t access your information on other websites.
Often, after a major data breach, your bank or credit card company will issue a new card. If you think you've been affected, but you don't hear from your card issuer, call and ask for a new card. This will shut down your old account and help prevent fraud. When you receive a new debit card, change your PIN.
If You’re Contacted Afterward . . .
After companies publicize big data breaches, scammers often send email to the victims under the guise of offering free credit monitoring. In reality, the thieves are looking to steal personal information. You may get letters purporting to be from the hacked retailer or bank, but be suspicious, especially if they want your password. Instead, go directly to the retailer’s website to look for help. In general, even if you haven’t been the victim of a data theft, experts advise going to the business’s website rather than responding to an email.
For the Future . . .
Check your credit and debit card statements regularly for any charges that aren’t yours. If you notice an unauthorized charge, ask your financial provider to cancel the card and issue you a new one.
After a data breach, many retailers and banks offer credit-monitoring services for free for a limited period. These services track your credit report at one or more of the three major credit bureaus—Experian, Equifax or TransUnion— and immediately send you an alert if any change or suspicious activity occurs. You can also sign up directly with the credit bureaus.
Federal law requires the three bureaus to provide you with one free copy of your credit report every 12 months. By asking for this, you can establish a baseline for your credit rating in case you are the victim of fraud.
In the case of unauthorized transactions on a debit or credit card, you can ask the credit bureaus to attach a "fraud alert" to your account. This makes it more difficult for someone else to open an account in your name, because most creditors check your credit report before approving a new account. This service is free and stays on your accounts for at least 90 days.
Sources
“Data breach protection: 10 tips,” Creditcards.com
“Target data breach: 9 ways to protect yourself,” Jan. 13, 2014, CBS News
“5 ways to protect yourself from data breaches,” Sept. 21, 2014, USA Today
Protect Yourself Against Data Thefts was featured in the August Senior Spirit Newsletter.
Blog posting provided by Society of Certified Senior Advisors.
