In mid-December, Target said that criminals had forced their way into its computer system and gained access to customer credit and debit card information. Initially, Target said about 40 million shoppers were affected.
Last week, the retailer disclosed that the personal data for an additional 70 million customers — names, phone numbers and email addresses — had also been stolen.
With your personal information, identity thieves can do a lot of financial harm. They can gain access to your bank account, open utility or mobile phone accounts or get medical treatment using your health insurance.
I hear a lot of stories about identity theft. A banker once told me even his information was stolen during a data breach. In that incident, someone was able to get an auto loan with his stolen information. Because the crook paid the loan on time, the victim had a hard time clearing the matter up.
In a full-page ad that ran in major newspapers, Gregg Steinhafel, Target’s chairman, noted: “I know this breach has had a real impact on you, creating a great deal of confusion and frustration. I share those feelings. You expect more from us and deserve better.”
Now we’ve also learned that luxury retailer Neiman Marcus was hit by hackers.
People are asking me if it’s safe to use their credit or debit cards at the stores. Probably safer now, but you’re still vulnerable because the bits and bytes that make up your personal information aren’t in your hands.
Do the recent data breaches mean we should stop using plastic?
That won’t happen. Even though studies show that people tend to spend more when they use credit and debit, we are a nation addicted to these conveniences. It’s easier to swipe and spend than to save up and use cash.
Target has promised customers whose information was compromised that they will not be liable for any fraudulent charges arising from the breach. The company has partnered with Experian to offer one year of free credit monitoring and identity theft insurance to anyone who shopped at Target’s U.S. stores.
Yet even with credit monitoring, your information can still be used by identity thieves. The notices you get as part of a monitoring system are after the fact, after something suspicious or fraudulent might have happened. You might catch something early but you can’t totally prevent your information from being used to commit identity theft.
Still, we have to take whatever precautions we can. In the case of Target, go ahead and register. Go to creditmonitoring.target.com before April 23. You will receive an activation code that then must be redeemed by April 30. I thought it was ironic that as part of the registration process, I have to provide my name, email, address and Social Security number, all to verify my identity. Then there is this promise, “the process of sending and receiving your information is encrypted. ... This technology helps ensure that your credit card and other sensitive information are protected.”
But here’s an example of why you need to take steps to protect yourself. I got a call this week from someone claiming he could help insure me against hackers. Since I frequently shop at Target and did so during the period of the data breach, I wondered if the very suspicious call was the result of that incident. The caller tried to get me to divulge personal information. He provided some convoluted explanation about how he got my information. I listened for a bit and then told him I believed he was trying to scam me and hung up. If you want to file a complaint about identity theft, you can contact the Federal Trade Commission.
I’ve become paranoid about my personal information. My husband and I have set up systems where we get regular text and email alerts connected to our credit cards and bank accounts. I often call my credit card lender to let the company know we’re going on vacation and where. Otherwise, our charges may not go through.
Knowing that your personal information can’t be fully protected, be as vigilant as possible. Be your own privacy cop. Scrutinize your credit and debit card statements. And given the breaches that have happen and will happen, don’t trust until you’ve verified anything and everything anyone says.
Michelle Singletary: email@example.com.
Washington Post Writers Group