Published in Pawtucket Times, October 17, 2014
It seems to happen all the time. Just recently Target Corporation, Home Depot, Dairy Queen and Neiman Marcus – followed by Michaels, and more recently JPMorgan Chase and Kmart – found their data systems being breached. I thought that I had dodged the bullet from being a victim until last month when I received a letter from my local savings and loan warning me about a potential security breach affecting my credit card.
Data breaches and hacking annually affect millions of Americans, costing billions of dollars and countless hours for consumers to correct problems resulting from identity theft and fraud that results in their checks bouncing and being accessed late fees.
Data Breaches Not a Rare Occurrence
What exactly is a data breach? Simply put, a data breach occurs when a company’s database, typically containing customer information, is hacked by sophisticated malware programs that can infiltrate a company’s network, sometimes for months before being noticed.
“Not that long ago, we were taught to always know where your wallet or purse was to ensure we didn’t fall victim to a pickpocket. Yesterday’s common street thief is today’s computer hacker, and it is often months before you realized they’ve virtually picked your pocket,” said Attorney General Peter Kilmartin.
According to the Rhode Island Attorney General, his staff has been busy in the past year informing consumers about the data breaches at some of best-known retail and financial companies. He says last year, there were multiple reports of massive data breaches at the nation’s largest corporations. According to a recent survey, 43 percent of companies have suffered one data breach this past year, and 60 percent say they’ve been struck by multiple data breaches in the last two years.
“In today’s technology–driven and paperless retail marketplace, it is inevitable that some, if not all, of your personal and financial information – credit card and banking information, email, and social security number – will be compromised,” warns Kilmartin.
Congressman James Langevin has been a leader on the issue of cyber security, and is leading efforts inside the Washington Beltway. “Stories of public data breaches are becoming increasingly common, and if a Fortune 500 company is susceptible to these types of breaches, we can be sure that similar attacks are possible among other retailers and businesses,” said Congressman Jim Langevin, the co-founder and co-chair of the Congressional Cybersecurity Caucus. “I have been sounding the alarm on cybersecurity for years, and I fear the consequences if we delay any further the steps needed to strengthen our technology infrastructure,” said Langevin.
The Democratic lawmaker, serving the second congressional district since 1991, says, “I am particularly concerned about the potential for cyber attack against critical infrastructure, including our power grid, wastewater management and banking and health care systems, just to name a few. All of these essential services are tied into technology, and it is going to take both a strong commitment from government and a continued partnership between public and private industry in order to get us where we need to be on cyber security. Securing these networks must be a priority, and I believe it is a crucial component of our national and economic security strategies.”
Kilmartin says make no doubt about it, data breaches are a crime, but law enforcement has significant hurdles to overcome when investigating cyber crimes. “Companies that have been targets of recent data breaches are working with federal law enforcement authorities to investigate how the breach happened and who is responsible,” he notes, stressing that early evidence shows that most of the sophisticated criminal enterprises that commit cyber crimes operate outside of the United States, often in Eastern Europe. “The hackers are out of the reach of traditional law enforcement and US Courts, but that has not stopped local, state and federal authorities from investigating,” he says.
Consumers Must Become Their Own Watchdog
“Consumers in today’s world need to continually monitor their electronic purchases, their personal medical information, as well as their banking records. Consumers can follow all the rules to protect their information, and if a business or other entity entrusted with this information is vulnerable, consumers, through no fault of their own, can still be impacted. Many times, a consumer’s first contact with law enforcement may be dealing with the aftermath of a data breach or identity theft. Please know that we are there to help you and will thoroughly investigate to resolve these crimes,” stated Colonel Steven G. O’Donnell, Superintendent of the Rhode Island State Police.
Kilmartin also confirmed that he and attorneys general in several states are looking into these data breaches and hope to get answers from the companies targeted as to how and why they took place. “There are multi-state investigations by attorneys general into how these companies left consumer information vulnerable to an attack,” he said, noting, “as consumer advocates, we are determined to get to the bottom of these data breaches and to work with the companies to better protect the consumer.”
Kilmartin believes it is up to consumers to be their own watchdog: “While companies and law enforcement officials are trying to put an end to this trend, the only way someone can protect themselves is to be vigilant in monitoring their personal and financial information. And by that, I mean check your banking and credit card statements regularly and limit how much information you share with companies.”
Keeping Credit Card Thieves At Bay
Kilmartin says, “I always tell consumers that the best way to protect yourself from scams is education. Being wary of potential scams, and being a savvy consumer is the best way to stop a scam artist in their tracks.” He offers the following common sense tips to protect your credit:
Check your credit card and debit card statements regularly, and on a line-by-line basis. One may think to only look for large unauthorized charges, but thieves may place a small charge – only a few dollars – to check if the card is active. If that charge goes unnoticed, thieves will then make a large unauthorized purchase. Report all suspicious charges, no matter how small. And, check your statements every day if possible. “It may be too late to recoup some or all of your money if you don’t report it immediately,” said Kilmartin.
If you notice an unauthorized charge, report it to your financial institution immediately, cancel the card and have the bank issue you a new one.
Kilmartin recommends consumers take advantage of free credit monitoring many affected companies are offering. “Companies who have been impacted by a data breach don’t want to lose customer loyalty. Many offer up to one free year of credit monitoring for any consumer who shopped there during the breach,” he adds.
Consider adding a fraud alert to your credit report file to protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures, which may include contacting you directly, before authorizing the credit card, says Kilmartin, noting that while this may delay your ability to obtain credit immediately, it will protect you from someone fraudulently opening a credit card in your name.
Kilmartin urges Rhode Islanders to be suspicious of emails, phone calls, or text messages claiming to be from your bank or a retailer you shopped at. Hackers may not have gained access to all the information they need, and will often use the information they do have, like name, date of birth or credit card number to convince you to part with even more sensitive information, such as passwords or social security numbers. When in doubt, call your financial institution directly with questions. The phone number is usually on the back of credit cards and debit cards.
Update your computer’s anti-virus software. Just as hackers have wormed their way into secure databases at large-scale companies, they can worm their way into your computer.
Change your passwords. The most basic way to stop an intruder is to lock the door. Set strong passwords and don’t reuse them for different accounts, especially for accounts that involve your banking or credit card information.
Go “old school” and pay with cash or check. While we have become accustomed to using credit and debit cards to make everyday purchases, every company still takes U.S. currency.
Under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to http://www.annualcreditreport.com or by calling (877) 322-8228.
Herb Weiss, LRI ’12, is a Pawtucket writer who covers aging, health care, and medical issues. He can be reached at email@example.com.