What you should do about the Target data breach
Target today provided an update on the customer information data breach that was first disclosed last month. Instead of the 40 million individuals that were originally thought to be impacted by the breach, the number has now reached 70 million and is still climbing, with stolen information including names, mailing addresses, phone numbers, and e-mail addresses.
The company stressed that this latest discovery was not the result of a new breach but rather was uncovered as part of the ongoing investigation into the original data theft. The unauthorized access took place between November 27th and December 15th, 2013 and potentially impacted every customer who used a payment card at any of the 1,800 U.S.-based Target stores during that timeframe.
As part of the latest announcement, Target again stressed that customers will not be responsible for fraudulent charges, although that offers little comfort to the millions of individuals who now realize they have been exposed to wholesale identity theft as well as credit and debit card fraud.
So if you are a Target customer, what should you do to protect yourself? Well, there are a few simple steps you can take and some that are a little more complicated. Here’s a quick run through of the recommended actions:
Check your statements
The first step is to thoroughly check your bank and credit card statements to make sure you haven’t already been subjected to fraudulent activity. As The New York Times reported, there was a ten- to twentyfold increase in the number of high-value stolen payment cards on black market web sites immediately following the Target data breach. While Target released a statement on December 20th saying it was aware of only a few incidents of unlawful activity, criminals will often wait until the early security scare has died down before initiating those first fraudulent transactions.
Cancel your card
This is a hard thing to do – it can be a huge inconvenience – but it’s a very important step in protecting both your credit and your identity. As suggested above, it’s easy to get a false sense of security when those fraudulent charges don’t show up in the first couple of weeks but that’s what the bad guys are relying on.
If you replace your card, go back over your credit or debit card statements for the last 12 months and make a note of all the automatic monthly payments and direct debits. They can include anything from Netflix fees to your iTunes account to domain name registrations. I replaced a commonly used credit card early last year and I am still getting notices from various service providers about declined charges.
Even though it’s an inconvenience, replacing the impacted payment card is the right thing to do. The data on that card has been compromised and it’s all too easy for that information to fall into the wrong hands.
Check your credit reports
If you don’t already check your credit reports, then this is the perfect opportunity to start doing so. Although you can request a free credit report from the three main credit bureaus, Equifax, Experian and TransUnion, this will only give you a once-a-year snapshot of your credit picture. If you’re at risk from the Target data breach, it would be better to engage a credit monitoring service, which will automatically notify you of any change to your credit status, however minor.
In fact, as part of its response to the data breach, Target is offering customers free credit monitoring and identity theft protection. Although details of the plan have yet to be released, the service will include complimentary credit reports, daily credit monitoring, identity theft insurance, and access to personalized assistance. While some customers might balk at the thought of handing over social security numbers and additional personal information to a company that was the target of one of the biggest ever data thefts, it is definitely something worth considering.
In summary, close monitoring of all your financial transactions and credit history is the key to coming out of this unscathed, and doing nothing is the worst possible option. Not surprisingly, Target is heavily engaged in damage control right now and you should be doing the same.