Data breaches costly for retailers, customers

Source: Dayton Daily News, OhioJan.文件倉 14--Security breaches at major retailers including Target and Neiman Marcus in which thieves stole payment card information from millions of customers could erode consumer confidence, and have costly and lasting effects for those companies, local lretail experts said.Target Corp. last week disclosed that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December.On Saturday, luxury retailer Neiman Marcus confirmed that hackers stole credit and debit card information from up to 1 million customers and made unauthorized charges over the 2013 holiday season.It is unclear if Target customers saw unauthorized charges as a result of the breach."This is going to affect those retailers, especially Target, in a very negative way," said Serdar Durmusoglu, a University of Dayton associate professor of marketing.Area shoppers said they would continue to shop at Target, although personal and payment card information for up to 110 million customers was stolen in a pre-Christmas data breach. Minneapolis-based Target, the nation's second-largest discount retailer, has 1,792 stores in the U.S."I'm not really too worried," said Ann Mort of Middletown. "I've been to Target since then and used a credit card."Credit and debit card information from 40 million Target customers was taken during the breach that happened from Nov. 27 to Dec. 15. An internal investigation revealed that names, mailing addresses, phone numbers or email addresses for up to 70 Target million customers also may be at risk. Some overlap exists between the two groups, officials said.Target officials said the breach was caused by malicious software, known as "malware," that was installed on point-of-sale registers at its U.S. stores."It looks like something was clearly lacking in their software, that they weren't able to detect this," Durmusoglu said.Beyond personal and payment card information, Target could have access to customers' medical information through its pharmacies, and driver's license data through liquor sales, he said.Retailers use information systems to manage customer relationships, but databases containing lucrative consumer data are attractive targets for hackers and identity thieves, experts said.According to the Privacy Rights Clearinghouse, more than 662 million records have been involved in data security breaches since 2005.In 2007, more than 90 million records were stolen from TJX Cos. Inc., the parent company of T.J. Maxx and Marshalls. The incident cost the retail chain a reported $256 million."It took them some years to recover from it, not only with respect to customer trust, but with respect to paying for some of those credit cards being misused," Durmosoglu said.Consumers are protected against data breaches by federal and state law.The Ohio Attorney General's Office has enforcement authority over the state's Security Breach Notification Act and violations under the Consumer Sales Practices Act."There is no relevant public legal action to discuss," said Kate Hanson, a spokeswoman for the AG's office.The AG's office also offers tips and assistance to Ohioans who suspect they have been victims of data breaches."Consumers should be vigilant in reviewing their credit card statements for mysterious or unfamiliar charges. If they find suspicious charges, they should contact their bank or credit card provider," Hanson said.JPMorgan Chase Bank last month temporarily limited 2 million potentially affected customers' use of debit cards and Chase Liquid cards at ATMs and for purchases until new cards could be reissued, said Emily Smith, a Chase spokeswoman."We continue to monitor our customers' accounts with sophisticated tools," Smith said. "We encourage our customers to monitor their accounts and contact us if they see any transactions they don't recognize. Electronic Benefit Transfer recipients should contact their agency and local authorities."Less than 10 percent of Chase's customers were affected by the Target breach, she said.The U.S. lacks strong federal laws regarding data breaches, leaving it for states to address, said Thaddeus Hoffmeister, a UD professor of law. "Some states, like California, have pretty good laws; other states, not so much," he said.Hoffmeister said Congress should establish national standards for reporting data breaches, as well as tougher penalties for companies whose information is accessed improperly.Target has apologized and advised customers "they will have zero liability for the cost of any fraudulent charges arising from the breach."The company also said customers will have until April 30 to sign up for one year of free credit monitoring and identity theft protection for all guests who shopped in Target stores in the U.S.Mort said customers received $5 gift cards last week at the Middletown Target. "I think they're doing everything they can to keep their customers happy," she said.Retailers such as Target use store credit cards that offer discounts to build customer loyalty. However, consumers may refuse such cards in the future for fear that they aren't secure, especially if they are tied to the customer's bank account, Durmusoglu said.Credit card companies including Visa, MasterCard, American Express and Discover reportedly plan to transition from magnetic strip payment cards to secure chipped Smart Card technology by October 2015. The Smart Cards are used in about 80 countries and contain an encrypted microchip, experts said.Existing payment methods such as personal checks and cash also have their drawbacks, Durmusoglu said.Checks typically contain personal information, including a name, mailing address and bank account number. Carrying cash isn't convenient, "and depending on what kind of a neighborhood we're talking about, it also may not be the safest way to go," he said.-- For more information:-- Target, .target.com/databreach.Creditmonitoring.target.com-- Federal Trade Commission, .ftc.gov-- Privacy Rights Clearinghouse, .privacyrights.org-- Ohio Attorney General's Office, .OhioAttorneyGeneral.gov or 800-282-0515Think you're a victim?Here is what you can do:Sign up: Ta存倉get began Monday allowing customers who shopped at their stores during the breach to register for one year of free credit monitoring and identity theft protection through ProtectMyID, provided by Experian. The Target data breach occurred between Nov. 27 and Dec. 15.Deadline: Customers have until April 23 to request an activation code and until April 30 to register for the free service. Guests who sign up will also receive daily credit monitoring, identity theft insurance where available and have personal access to fraud resolution agents.Consumer tipsA breach of security--especially involving encoded data--does not necessarily mean that your identity has been stolen but here are some other precautionary steps:-- Check your credit card and debit card accounts regularly. Monitor your accounts to look for suspicious activity, such as charges you don't remember making. If you find any errors, immediately notify your credit or debit card provider.-- Change your PIN numbers and passwords for any affected accounts.-- Watch for possible "phishing" scams designed to obtain additional personal or financial information. When a security breach is announced, scammers may create phony messages or websites to take advantage of consumers.-- Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies -- Experian, Equifax, or TransUnion -- to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.-- Check your credit report at .annualcreditreport.com. You are entitled to one free credit report per year from each of the three major credit reporting agencies. You can pull all three at once, or you can stagger pulling your reports throughout the year.TransUnion, .transunion.com, 1-800-680-7289Equifax, .equifax.com, 1-888-766-0008Experian, .experian.com, 1-888-397-3742An extended seven-year alert requires a police report indicating identity theft occurred. Active-duty alerts are available to people on active military duty.-- Freeze Credit Reports to prohibits a credit reporting agency from releasing information in your credit report without authorization or approval. This is designed to prevent impostors from using your information to be approved for credit, loans, or other services in your name.It requires requests to all three reporting agencies in writing, by certified mail or other comparable service, or through a secured electronic method. There are fees associated with this service.Source: Ohio Attorney General's OfficeMore online: View our timeline of the data breach and how to protect yourself at MyDaytonDailyNews.com/business.Following the storyDayton Daily News continues to follow this data breach with reporters Dave Larsen and Lawrence Budd interviewing retail, banking and law enforcement officials, as well as Target customers to bring you the most recent developments.Think you're a victim?Here is what you can do:Sign up: Target began Monday allowing customers who shopped at their stores during the breach to register for one year of free credit monitoring and identity theft protection through ProtectMyID, provided by Experian. The Target data breach occurred between Nov. 27 and Dec. 15.Deadline: Customers have until April 23 to request an activation code and until April 30 to register for the free service. Guests who sign up will also receive daily credit monitoring, identity theft insurance where available and have personal access to fraud resolution agents.Consumer tipsA breach of security--especially involving encoded data--does not necessarily mean that your identity has been stolen but here are some other precautionary steps:-- Check your credit card and debit card accounts regularly. Monitor your accounts to look for suspicious activity, such as charges you don't remember making. If you find any errors, immediately notify your credit or debit card provider.-- Change your PIN numbers and passwords for any affected accounts.-- Watch for possible "phishing" scams designed to obtain additional personal or financial information. When a security breach is announced, scammers may create phony messages or websites to take advantage of consumers.-- Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies -- Experian, Equifax, or TransUnion -- to place an initial fraud alert, which will stay on your credit report for 90 days. The alert is free of charge and will make it more difficult for someone to open credit in your name.-- Check your credit report at .annualcreditreport.com. You are entitled to one free credit report per year from each of the three major credit reporting agencies. You can pull all three at once, or you can stagger pulling your reports throughout the year.TransUnion, .transunion.com, 1-800-680-7289Equifax, .equifax.com, 1-888-766-0008Experian, .experian.com, 1-888-397-3742An extended seven-year alert requires a police report indicating identity theft occurred. Active-duty alerts are available to people on active military duty.-- Freeze Credit Reports to prohibits a credit reporting agency from releasing information in your credit report without authorization or approval. This is designed to prevent impostors from using your information to be approved for credit, loans, or other services in your name.It requires requests to all three reporting agencies in writing, by certified mail or other comparable service, or through a secured electronic method. There are fees associated with this service.Source: Ohio Attorney General's OfficeMore online: View our timeline of the data breach and how to protect yourself at MyDaytonDailyNews.com/business.Following the storyDayton Daily News continues to follow this data breach with reporters Dave Larsen and Lawrence Budd interviewing retail, banking and law enforcement officials, as well as Target customers to bring you the most recent developments.Copyright: ___ (c)2014 the Dayton Daily News (Dayton, Ohio) Visit the Dayton Daily News (Dayton, Ohio) at .daytondailynews.com Distributed by MCT Information Services儲存