The massive hacking attack against Target stores last month marks a turning point in how we view data security in the United States. Heretofore, major incidents involving loss or theft of customer information have been relatively few and ultimately resulted in little disruption. For that reason, American merchants have been slow to adopt more robust and technologically advanced countermeasures. That is about to change.
The sheer magnitude of the Target infiltration is without precedent. Credit card data on 40 million customers, plus personal information about another 70 million was apparently compromised. And Target is by no means the only company victimized in recent weeks, just the largest. Policy changes and technological upgrades are coming that will address some of these audacious capers, but the most important lesson is that each of us should rethink how we do business.
First, recognize that the benefits of our growing electronic interconnectedness far outweigh the risks. Data breaches, identity theft and internet fraud will always occur, and we should not freak out about it. We can and should, however, take sensible precautions to minimize the risks and to facilitate a speedy recovery when we do experience the inevitable breach. Given time, it will happen to you but it can be rectified.
Check your statements often for evidence of unauthorized access or unrecognized purchases. Legally, once a month when your regular statement arrives is sufficient, but oftener is better. Move to online paperless reporting for your accounts and log in between statement periods. The sooner you discover an attack the easier it is to fix.
If you used a debit card at any retail establishment, restaurant or gas station in the past year it is probably wise to cancel the card and ask your bank to issue a new one. This is especially true if you shopped at Target recently, but many other stores experienced similar attacks. With so many accounts compromised, it could take months for your stolen information to be sold and used. Better safe than sorry.
It is best not to use your debit card for these types of transactions in the first place. Use credit cards for dining and shopping, as legal protections are stronger than for debit cards. Although you are unlikely to experience any significant losses if your bank is promptly notified, it is nevertheless more disruptive and inconvenient to untangle a hack into your bank account than to cancel a stolen credit card.
Target in particular has responded well to a most difficult situation. The retailer is offering customers one year of free credit monitoring from Experian, including a credit report, daily fraud monitoring and access to a security professional in the event of a breach. Neiman Marcus, another recent victim, has announced similar coverage and other merchants will no doubt follow suit. Information and directions for enrollment are available on the companies' websites. It is an excellent idea to avail yourself of the offer.
Finally, you might reconsider whether an inbox full of discount coupons is really worth increasing the odds of having your data stolen. Think about refusing next time a store requests your email address and personal data. It's not that hard to find a sale.
Christopher A. Hopkins, CFA, is vice president of Barnett & Co. Advisors.