Reuters, Published January 14 2014
Experts say keep eye on accounts, protect Social Security number in wake of Target leakLate last year, Target reported that thieves stole cardholder names, card numbers and three-digit security codes between Nov. 27 and Dec. 15.
Last week, the retailer said personal information was stolen, including email addresses and phone numbers. Hackers stole the information of at least 70 million people, Target says.
Here are experts’ answers to some basic questions:
Q: What should Target customers do?
A: At a minimum, customers who shopped at Target during the affected period with a debit card should change their PIN, the personal identification number. You can also request a new debit card from the issuer.
Credit card users can change passwords or ask for a new card, but that may be more trouble than it’s worth and give a false sense of security because the new card is just as vulnerable.
“It is going to quite a hassle to update all of your subscriptions and services attached to that card,” said Yaron Samid, chief executive of BillGuard, a company that offers a free service monitoring credit and debit cards for unusual activity.
Target says it is offering one year of free credit monitoring and identity theft protection to all Target customers who shopped at U.S. stores.
Target customers have three months to enroll in the program. The company says it will announce additional details this week.
Customers who have additional questions can call Target’s hotline at (866) 852-8680.
Q: What should all consumers do?
A: The first line of defense for all credit and debit card holders is to closely monitor your credit and debit card statements all the time, say security experts.
If charges are not disputed, a thief will know the information is valid, allowing the card to be used again illegally, said Yaron Samid, chief executive of BillGuard, a company that offers a free service monitoring credit and debit cards for unusual activity. Fraudulent charges are often small in scope, because thieves know they are less likely to be noticed.
If you dispute a charge on a credit card, the issuer will typically credit that amount back to you, and then investigate.
With debit cards, which have fewer protections against fraud, the bank will decide to investigate, then decide when and if to credit the amount back to your account.
The most aggressive action a consumer can take is to freeze their accounts, which restricts access to your credit report. That can stop account fraud cold when crooks apply for credit using your information, though lifting a credit freeze if you want to apply for a loan or a new credit card is a bit cumbersome. It involves a password-protected process and often carries a fee. It might take up to three days.
Q: How are consumers at further risk than just their debit card and PINs being stolen?
A: Any personal information stolen, like email addresses and phone numbers, could be used for other identity theft “phishing” attacks, where a criminal contacts a person looking for even more information and access to accounts.
In the Target data breach, piggyback attacks could come from scammers pretending to be banks or credit card issuers, asking you for more information, particularly your Social Security number, said Robert Siciliano, online security expert for Internet security company McAfee Inc.
“The goal of the bad guy is always to get a credit card under your name — to take one over or get a new one,” Siciliano said.
The good news is that in order to do that, a thief needs your Social Security number, and Social Security information was not passed along in this breach, Siciliano noted. The bad news is thieves will work during a long period of time to bait you for sensitive information, luring you in with what they already have stolen, he added.