A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. Victims of data breaches are usually large companies or organizations, and the data stolen may typically be sensitive, proprietary or confidential in nature (such as credit and debit card numbers, social security numbers, health records, customer data, trade secrets or matters of national security).
Data breaches are a major threat that can involve billions of dollars. Since 2005, more than 250 million records containing sensitive information have been involved in security breaches. Although word of such massive breaches can leave you feeling helpless, there are things you can do to protect yourself and prepare for the worst.
Do your homework. You should be able to find out about prior security lapses involving data systems at major banks. Before doing business with a financial institution, go online for information regarding past data breaches.
But just doing your homework won’t be enough. For example, it’s tough to be aware of existing back-end relationships between companies you do business with and their card processors. Banks share their data with these firms, and a breach at one of these third-party companies can expose massive amounts of a company’s data — including yours.
Prioritize information protection. All security breaches are not alike and some information needs to be more closely guarded. Your social security number is a higher risk than a credit card number. Other information, such as health information and date of birth, represents a lower risk, but should still be protected. It is not wise to put your date of birth on Facebook, as many do.
Stick to credit. Credit card information represents a lower risk than the loss of debit card information. While many issuers have zero-liability policies to protect consumers from unauthorized charges on either debit or credit cards, it can take more time to recover debit card funds, since they’re taken directly from your account. During that time, an empty account can mean bounced checks and overdraft fees.
Monitor all accounts. If the bank has notified you that one credit card was compromised, for example, experts encourage cardholders to monitor for unusual activity across all their accounts. That’s because the threat is not limited to that one point of attack. When a hacker has one piece of information in all likelihood, they have others. Consumers need to be vigilant about scanning their entire credit report for strange activity.
Continue to monitor. If your personal information is compromised, be vigilant for an extended period following the actual breach. Data can remain unused for a time before the identity thieves actually use it. If the breach is initiated outside the United States, your information may pass through several hands as it gets sold and then used.
Consider your options. Consumers whose data is compromised may be offered their bank’s free credit monitoring service, which experts say can be a good option for spotting any follow-up fraud activity. A credit freeze can prevent fraudsters from opening any new accounts in your name. Experts advise checking your credit report regularly for any unauthorized activity that could indicate identity theft. If you find a debt that isn’t yours, be sure to dispute its accuracy with the lender.
Take extra care with medical records. While checking credit reports allows consumers to find fraudulent financial activity, medical information is less frequently used by consumers and more difficult to access in a single place. But lost medical data is still a cause for concern. Medical identity theft is the only type of identity theft that can potentially kill you. If someone piggybacks on your insurance information and gives their medical information to the doctor or hospital, medical professionals may have the fraudster’s blood type and allergies on record instead of yours.
Deal with debt collectors. Be prepared for phone calls from debt collectors seeking money for accounts fraudulently opened in your name. If you do get a call, get the identity of both the debt collector and the lender to whom the debt is owed. Then take immediate action.
Contact your state. Forty-six states have passed laws requiring businesses to notify consumers in the event that their sensitive personal data is stolen. Reach out to your state’s attorney general for help. States have the best infrastructure for providing residents with redress, either administratively or via the courts.
Stay vigilant and don’t panic. Most instances of data breach don’t result in identity theft. Even if your personal information is compromised, take heart. As long as you bare paying attention to charges your account, there isn’t any liability for residents of the 46 states with existing notification laws.