In December Target reported it was a victim of a cyber attack that resulted in 40 million customer credit card numbers being compromised and misused. This past weekend Target reported the breach encompassed another 70 million consumer credit cards. Target CEO Greg Steinhafel told CNBC yesterday, “We are accountable and we are responsible.” The breach exemplified a type of identity theft known as existing (credit card) account fraud.
Last Friday, Neiman Marcus reported that they too (and their customers) were victimized by a similar cyber attack last year. Neiman Marcus claim that they did not learn of the attack until January 1, and they have not reported the number of customers affected by the breach.
Recent reports suggest that it is likely that other retailers were involved in the cyber attack, but they either are not reporting the breach or they do not know that their credit card payment systems were breached.
Most every state and U.S. Territory have data breach laws requiring organizations to notify consumers when there is a data breach. Despite the law, many organizations do not report breaches because they are concerned with the consequences. For example, it was reported that Target sales dropped two-to-six percent during the holiday season after they reported the breach on December 19, 2013.
Subsequent to the initial reports by Target that only basic consumer information (name, address, telephone number) and the credit card number were compromised, Target confirmed the identity thieves also obtained the debit PIN numbers, which could put money in the bank at risk if the identity thieves can break the debit card PIN encryption code.
Although consumer victims involved in the Target breach have zero liability for fraudulent transactions especially when they are reported promptly to the credit or debit card issuer, these fraudulent transactions may cause unnecessary inconveniences and stress for consumers. Consumers should do whatever possible to avoid becoming a victim of identity theft and to terminate any known or suspected fraud as quickly as possible in order to avoid further complications, inconveniences and post traumatic stress syndrome.
Credit and debits cards are a convenience, but due to the risk and sophistication of cyber attacks, consumers should assume their card information will be compromised and be prepared to handle a data breach regardless if their credit or debit cards are stolen through a lost wallet or purse or if they come under a cyber attack during a transaction at an online or bricks and mortar retailer.
Despite myriad consumer protection laws on identity theft, credit card and debit card liability and fraud, an identity thief can wreak havoc on one’s life through inconveniences and emotional stress even when there is little or no financial liability such as in the Target data breach.
State-of-the-art identity protection plans provide a broad range of credit and account monitoring. The most sophisticated identity protection plans provide services that continually search and match the consumer’s bank, debit, credit and even health account numbers with those account numbers for sale on the deep internet where identity thieves trade and sell such consumer information.
By knowing your account number is for sale, allows one to take preventive action and prevent further victimization. The best defense against identity theft today is to purchase comprehensive identity theft protection.