On Wednesday – nearly a month after Target announced that hackers stole personal information from up to 40 million credit and debit card customers during the holiday shopping season – Wood received a letter from company President and CEO Gregg Steinhafel informing him that his “name, mailing address, phone number or e-mail address may have been taken during the intrusion.”
In the letter, Steinhafel apologized for any inconvenience the incident might have caused and offered Wood a year of free credit monitoring.
Wood fears the damage might already have been done. Just days after shopping in mid-December at Target in the Augusta Exchange, Wood checked his bank account with SRP Federal Credit Union and saw three fraudulent transactions totaling $140 that had been made in Louisiana.
Wood, whose card was immediately canceled, was refunded by SRP for the charges and just got his new card in the mail.
One lesson Wood said he’s learned is to no longer use his debit card to make in-store purchases.
“If you use debit, that’s how they can get your PIN, so I have to start doing only credit now,” Wood said. “I’m having to get used to that now.”
EXPERTS AGREE THAT consumers who routinely pay retailers with a credit card instead of a debit card are more protected if their personal information is exposed during a security data breach.
Under the Fair Credit Billing Act, cardholders aren’t liable for any unauthorized charges if a credit card number is stolen.
Debit cards also are more dangerous to use in stores because they can give cyber thieves access to all the money in your checking account, SRP President Ed Templeton said.
“If you have your debit card breached, they can wipe out all the money in your checking account before you even know it,” he said. “Then you have the cascade effect.”
Templeton said SRP, which has 15 offices across metro Augusta, had nearly 7,000 accounts involved in Target’s security intrusion, which happened between Nov. 27 and Dec. 15. As a precaution, the credit union automatically issued new cards to those possibly affected and covered any fraudulent charges for members. Twenty cardholders reported criminal transactions during that time span, but Templeton couldn’t say for sure that they were linked to the Target breach.
One of the first steps consumers wary of identity theft should take is canceling the card used in the transaction, if it’s not automatically done by their financial institution. Otherwise, they should be prepared to monitor their accounts closely, Templeton said.
“You have to almost watch it on a daily basis because you never know when or if the breached data is going to be used,” he said.
Having to settle financial issues after the crime occurs, such as bounced checks or late fees, often poses the biggest headache for members rather than the fraudulent charge itself, Templeton said.
AS TECHNOLOGY RAPIDLY advances, cyber attacks are likely to become more sophisticated and prevalent.
The data theft at Target was worse than initially disclosed. The company announced Jan. 10 that the breach could affect an additional 70 million customers, whose names, mailing addresses, phone numbers and/or e-mail addresses were compromised.
On the heels of that announcement, luxury retailer Neiman Marcus revealed that hackers had stolen card information from an unknown number of customers.
In 2013, the Identity Theft Resource Center recorded 619 breaches – up 30 percent from 2012 – in which personal data was stolen from financial institutions, businesses, government and health care organizations. More than 58 million records were exposed, revealing Social Security numbers, credit and debit card information, financial account numbers, medical insurance numbers and other sensitive material.
Two weeks ago, officials with Phoebe Putney Hospital in Albany, Ga., began informing thousands of patients that information including names, birth dates, addresses, physician names, diagnosis information and dates of service had been taken after a password-protected, unencrypted computer went missing in November.
In 2012, a cyber attack affected about 3.6 million South Carolina taxpayers, exposing their Social Security numbers and other information.
“Consumers remain largely unaware of this issue, but retail/merchant data breaches often heighten awareness,” said Eva Velasquez, the president and CEO of the Identity Theft Resource Center.
With the data breaches at Target and Neiman Marcus making headlines in recent weeks, Velasquez said call volume at the center has increased dramatically.
“The general sentiment from consumers has been, ‘I know I’m a victim of this data breach – but what does that actually mean to me?’ ” she said.
Velasquez said customers can safeguard personal information by asking questions before readily providing Social Security numbers and asking company employees how they store and secure personal data.
“However, it’s important to realize that consumers can do everything right and still become a victim,” she said. “There are some things that are simply out of their control.”
DAVE CHATTERJEE, an associate professor of management information systems at the University of Georgia, offered the following ways that consumers can stay vigilant in keeping their personal information secure:
• Use cash instead of credit.
• Monitor all financial transactions daily.
• Set up a credit monitoring system to protect against identity fraud or theft.
• Always shred documents before trashing them. Thieves often go through garbage for discarded financial documents or digital media.
• Be aware of skimming, in which thieves capture credit or debit card information at a point-of-sale terminal.
• At a restaurant or store, be leery of employees taking a card out of sight. It can be run through a hand-held scanner, capturing information and then used to run up charges on an account.
Josh LaForce, a co-owner of ITS&S, a local company that focuses on network installation and security for businesses and consumers, said he believes the recent security breaches are bringing to light the need for regulation, not only for major retailers but also for smaller businesses.
“Congress is already working on a bill to hold companies liable or also enforce certain types of security mechanisms in their local networks,” LaForce said. “That’s what would make people feel more comfortable.”