3 Steps to Take After a Data Breach

Target and Neiman Marcus weren’t the first, and they certainly won’t be the last retailers to suffer a data breach. In fact, the FBI has warned retailers to prepare for more cyber attacks this year that could compromise customers’ personal information.

While there is little consumers can do to protect themselves from these massive breaches other than always using cash, how they react to a data break-in can help minimize the damage. “Consumers have to very carefully monitor their credit card and bank statements all the time,” says Chester Wisniewski, senior security advisor at security company Sophos. “Yes we are hearing about breaches but retailers often don’t know when things are happening.”

1. Become Informed


Massive data breaches bring a lot of media attention and get people talking, but it’s important to stay informed on exactly what happened and when before making any extreme decisions.

“It’s a bit extreme to live a cash only lifestyle,” says Wisniewski. “It’s going to cost Target and Neiman Marcus a whole ton of money, but the victims of the breach themselves are protected by the banks and the retail establishments.”

He says consumers have up to a month to report fraud and many banks have been proactively issuing new cards to impacted customers. For its part, Target is offering free credit card monitoring services for a year to affected customers.

Settling fraudulent charges might be harder for debit card users. “Unlike a credit card where you can dispute the charges for 30 days, once the money is taken out [using a debit account] it can take five to 10 days to figure out it should be put back in,” says Steve Schwartz, president of Identity Guard. “In the meantime, if the rent is due nobody is going to help.”

2. Contact Credit Issuers


Eric Chiu, president & co-founder of cloud control company HyTrust, recommends that anyone who shopped at a hacked company should assume their information was stolen and act accordingly. Ask your creditors to issue you a new card, particularly the ones you use at retailers, he says.

Even if the breach occurred several months ago, it can take months for fraudulent activity to show up on a credit card statement. That means you should always be diligent about reviewing your bills and verifying each purchase.

If any strange activity does show up, Julie Springer, vice president at TransUnion, suggests contacting your financial institutions immediately as well as the three credit rating agencies to have them put a fraud alert on your account.

If the fraud is particularly bad, consumers can have a freeze placed on their credit, which means no one will be able to open up a new line of credit without permission. “It’s a quick shut down,” says Springer. She adds that you should also be mindful of phone calls from people you don’t know like bill collectors or creditors questioning your account. That’s a surefire sign that someone has been messing with your credit and identity, she says.

3. Always Play Defense


Criminals are after as much of your personal information that they can get, so always be careful with what you make available and what you click online. While the credit card numbers and code on the back of a card or kept in a database is all some thieves are after, your birth date, Social Security and family information can also be valuable.

Once scammers have your email address, they can send out phishing attacks to get more information such as your Social Security number or account passwords. “Everything you do and buy, your family information, all of that is being stored on central databases at retailers,” says Chiu. “Be very careful of any email that you receive and don’t click on those links to log into a website.”