One of the best parts of my job is helping address readers’ financial concerns. The data breach at Target had a lot of people really worried.
During my last online discussion of the year, a number of people were concerned that information on about 40 million credit and debit card accounts was accessed between Nov. 27 and Dec. 15. It included customer names and credit or debit card numbers, expiration dates and security codes. The data breach affected only in-store purchases, according to Target. Here are some of the readers’ questions:
Q: How can the information about one credit card lead to identity theft?
Singletary: The Federal Trade Commission says identity theft is the No. 1 complaint it gets from consumers every year.
There are many forms of identity theft. If identity thieves have your personal information, they can access your bank account, buy a car, open utility or mobile phone accounts or get medical treatment using your health insurance. Identity thieves can use stolen debit or credit card data to create counterfeit cards or make online purchases. Brian Krebs, who runs the Web site KrebsOnSecurity, has found that credit and debit card accounts with stolen information from Target customers already have been selling on the black market. In a blog post, Krebs, a former Washington Post reporter, details how the cards were being sold. It’s quite scary.
More than 12 million people were victims of identity fraud in the United States in 2012, and criminals stole nearly $21 billion, according to Javelin Strategy and Research, which tracks identity fraud trends. Here’s something to consider: Javelin found that consumers whose Social Security numbers had been compromised in a data breach were five times as likely as other consumers to become victims of fraud.
We become more aware of identity theft when big breaches are disclosed. And many people make things easy for identity thieves. When I give seminars on identity theft, I ask participants, “What’s in your wallet?” It never ceases to amaze me how much personal information people carry around. One time a woman reached into her purse and pulled out her children’s birth certificates, Social Security cards and passports. She had registered the kids at a new school a few months earlier and had forgotten to return the materials to her file folder at home. Many people have laminated Social Security cards in their wallets. Others had old mortgage bills with them. Information about your lenders can be used in security checks to verify your identity.
Q: It is time for the credit card companies to come up with something new to protect their customers. Short of millions of customers canceling their credit cards, what can we do to protect ourselves? Just because crooks have the information doesn’t mean they will use it right away. It could be months before they use anyone’s information, so checking now for activity could miss it.
Singletary: In its most recent identity theft report, Javelin said one in four people notified of a breach ended up becoming a fraud victim. So if you shopped at Target during the period its system was compromised, you need to take steps to protect yourself. If you see any unauthorized activity, contact your credit card company or your financial institution. In addition, call the FTC at 877-438-4338. You can find information about other steps you can take at www.consumer.gov/idtheft.
Most important, you will need to monitor your credit reports from all three major credit bureaus: Equifax, Experian and TransUnion. You should be checking your reports as a routine precaution. You can get free copies of your credit reports from www.annualcreditreport.com or by calling 877-322-8228. You are entitled to one free report from each bureau every 12 months. Additionally, identity theft victims are entitled to a free credit report from each of the credit bureaus.
If you do become a victim or are worried about your information being stolen, you can place extended fraud alerts or credit freezes on your credit files. To find out more about how those work, go to www.ftc.gov and click on the link for “Tips & Advice.” Under the consumer section, you will find an identity fraud link that includes information on placing both extended fraud alerts and credit freezes on your credit reports.
Every time we hear of one of these data breach cases, the companies involved tell their customers that they deeply regret the inconvenience it might cause. They pledge to enhance security procedures. But no matter how many firewalls are built to protect our information, the con artists and hackers are actively working to outsmart the companies that store consumer data.
Readers may write to Michelle Singletary at The Washington Post, 1150 15th St. NW, Washington, D.C. 20071 or firstname.lastname@example.org. Personal responses may not be possible, and comments or questions may be used in a future column, with the writer’s name, unless otherwise requested. To read previous Color of Money columns, go to postbusiness.com.