The recent security breaches involving Target and Nieman Marcus are sobering reminders that our personal data is vulnerable to hackers.
We entrust online retailers with our credit card numbers, email addresses, passwords and home addresses. While most reputable retailers take precautions to protect our personal information, no data system is completely secure. At the U.S. Attorney’s Office, we have prosecuted cases involving identity theft and credit card fraud.
Government and private entities are working to harden data security, but consumers can also take steps to protect themselves. First, when a credit card is compromised, experts advise consumers to take several steps.
- Contact the company that issued the card and report the theft, cancel the account and request a new account.
- Ask your credit card companies to credit unauthorized charges. Many companies will do so if the theft is reported promptly.
- Immediately review account statements closely and report unauthorized charges, even those in small dollar amounts. Criminals will sometimes test whether a credit card is active with a small charge before charging a larger amount.
- Change PIN numbers and passwords on all of your online accounts. This step is particularly inconvenient for frequent online shoppers, but necessary to avoid further harm.
- Obtain a copy of your credit report and examine other accounts to determine whether the theft has gone beyond the credit card that you know was stolen.
Target and Nieman Marcus have said that they have notified customers whose data was affected. In addition, Target customers who think they may have been victimized may call 866-852-8680. Nieman Marcus customers may call 800-685-6695.
Malicious software like that used in the recent hacking incidents may be unavoidable for anyone who shops online, but consumers can take preventive measures to best protect themselves from becoming a victim of credit card fraud. Experts offer these tips:
- Don't respond to email or phone requests from your bank or credit card company asking for your personal information. Legitimate banks and credit card companies will not seek this information from you by email or phone.
- Use different passwords for different accounts, so that if your account is compromised, you can limit the damage to that account.
- When disposing of a computer or smart phone, remove personal data. A wipe utility program can be used to erase the hard drive of a laptop or desktop computer. Remove the memory or subscriber identity module ("SIM") card from a mobile device.
- Limit the amount of information you share on social networking sites. Consider whether the benefit of birthday greetings from friends afar is worth damage to your credit rating when a criminal learns your date of birth. Also limit access to your networking pages to people you know well.
- Promptly collect the mail that you receive in your mailbox. Identity thieves steal bank and credit card statements from mailboxes.
More information about protecting your data security is available from the Federal Trade Commission at http://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure.
Barbara L. McQuade
United States Attorney
Eastern District of Michigan