It’s been four years since Target suffered through one of the biggest retail data breaches of customer info ever.
On May 23, the beleaguered retailer agreed to settle up with the Attorneys General of 47 states and the District of Columbia in an $18.5 million settlement, Reuters reports.
As part of the settlement, the upscale discount retailer will have to hire a third party player to encrypt card info in order to render it useless if stolen. The company must also add an information security executive to its own payroll. That person will head up the company’s efforts to better secure customer payment info now and in the future.
But the $18.5 million settlement only address the states’ investigations into the breach.
Not addressed as part of the settlement is a class-action suit that’s been brought on behalf of the shoppers who had 40 million credit and debit cards breached during the 2013 holiday shopping season.
“There is a class action settlement that is outstanding,” Target spokeswoman Jenna Reck told Reuters. “We have reached an agreement but it hasn’t been legally finalized yet.”
5 things you need to know after any data breach
Data breaches happen so often that many of us have become numb to the steady drumbeat of news about them.
But we shouldn’t be!
Here are five things you need to know anytime you’re told you’ve been involved in a data breach.
You should watch your statements carefully
When you get word that you’ve been hit, you need to go through your credit card and debit card statements with a fine tooth comb that month and the month after.
Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.
You should beware of “pretexting”
Maybe weeks or months down the road, you’ll get an email, letter or phone call that looks like an official communication from the business that was breached.
Watch out because this could be a danger known as “pretexting.”
If the crooks have your contact info, they would how to get in touch with you. And the reality is it’s so easy for criminals to mimic the exact look and feel of a corporate communication.
In a classic pretext scam, you’ll be told Target or whoever is trying to prevent crooks from draining your account…and then you’ll be asked you for all the info the real crooks need to do just that!
Pretexting can lead you to drop your defenses when you should be most alert.
Remember the basic rules of online safety. Do not click on any link in any email you receive purporting to be from the company that was breached. Do not dial any number listed as a phone number in an email. It’s easy for criminals to create fake websites and fake phone numbers.
If you believe the company is trying to get in touch with you, you must log out from your email and go directly to the company website on your own to find the true contact info. Do not sign in on any communication that comes to you where it says “click here to sign in.”
You should set up a separate account if you have a debit card
The reality is customers who use debit cards are hit hardest by any breach. If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions.
That way, only the money you transfer to your separate account is at risk in a breach — not the money you need to pay your mortgage or a car note. Or to put food on the table!
You need to understand the real dangers of debit vs. credit
To understand just how bad debit cards are, you first have to look at the consumer protections afforded to credit cards.
Normally you have a $0 liability in a case where crooks potentially have your credit card number but not the physical card. In the absolute worst-case scenario, your maximum liability would be $50…and some credit issuers will waive even that.
But if you used a debit card, it’s a whole different story!
Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card. With a breached debit card, you have only two business days after you notice that the money is gone from your account to speak up…or else your liability rises to $500.
And under some circumstances, your liability with a debit card can be unlimited!
You should do a credit freeze
The standard corporate position after a data breach is to offer free credit monitoring for a year.
But all credit monitoring does is essentially put fraud alerts on your credit files with the three main credit bureaus. These alerts are meant to raise a flag to potential creditors, alerting them to carefully verify an applicant’s identity before extending credit. Yet all too often these alerts are ignored.
There’s a better alternative and it’s called a credit freeze. You’ll pay zero to $10 per bureau to do a credit freeze, depending on your state, and it will shut a criminal down cold when they try to apply for new lines of credit in your name.
Read our credit freeze guide here; it will walk you through the easy process of putting a freeze in place on your files.