July 4, 2020
The never-ending number of breaches and hacks prove that your sensitive financial and personal data isn’t necessarily safe. Capital One, the credit card company, said 106 million of its customers’ data and information was compromised in July 2019.1 Marriott, T-Mobile, Facebook, and Panera all experienced breaches in 2018. 2 3 4
Fast-food restaurant Wendy's was hit by a malware-based credit and debit card breach in 2016 that leaked customer payment information at more than 1,000 different locations.5 The Home Depot data breach back in 2014 affected some 56 million credit and debit cards.6 The well-known Target breach from 2013 affected about 40 million consumers.7
Why do cyber thieves take the time to wreak havoc in such large proportions? Because it pays. On the black market, your credit card information is worth anywhere between $5 to over $100, according to credit reporting agency Experian.8
Data breaches are certainly part of life, and you need to know how to protect yourself. Since hackers are going after the companies that hold your information, it’s hard to stop them from getting it. All the same, you can take a number of steps to minimize the damage.
Even if you haven't been hacked yet, many of the seven moves described below can make your information less easy to find and less usable if you are caught up in a breach.
- Data breaches that comprise your credit card information are becoming commonplace.
- Well-known breaches that comprised customer data include the 2013 Target breach, 2015 Home Depot incident, and 2019 Capital One hacking.
- If you’re the victim of a breach, key steps to protecting your credit include ordering a replacement card immediately and freezing your credit report but it's best to avoid signing up for high-priced fraud protection.
- There are keys to helping prevent potential breaches, which include being on the lookout for phishing schemes and using “tough to crack” passwords.
1. Get a Replacement Card
If you've been told you're part of a data breach, tell the company that you need a new card immediately. You’re not likely to get any pushback from the already embarrassed company. If you do, don’t back down.
2. Check Your Account Online
Don’t wait to check it when the statement arrives—check your account regularly online. Keep checking daily for at least 30 days even after you get a new card. If you find a suspicious charge, dispute it immediately.
3. Freeze Your Credit
If you are caught up in a data breach, call each of the three main credit bureaus and request that your credit report be frozen. Freezing means no one will be able to access your credit report without your approval. Creditors likely won’t approve an application without having access to your credit report.
If you're deeply worried about potential breaches, you can also freeze your accounts proactively—you don't have to be a fraud victim. However, this step makes getting any kind of credit exceedingly cumbersome for you and the potential lender, so you may want to think twice about taking it.
4. Order Your Credit Reports
You get one free credit report per year from each credit reporting company by law, but you’ll probably be eligible for more frequent free reports if you were already a victim of fraud.9 Even if you haven't been targeted yet, be proactive and take a look at your free reports. Ideally, you can order one every four months by staggering the requests across the three main credit reporting agencies, so you can be better covered across the entire year.
5. Watch for Phishing Scams
Just because thieves have your credit card number doesn’t mean they also have its expiration date and the three- or four-digit CVV number. Beware of phishing, a scam where the thief might send an email or call in an attempt to gain the rest of the information.
Don’t give your information to anybody unless you call them. If somebody leaves a message, go to the company’s website and find a contact number to make sure it matches what the person in the message provided. For even more security, call the company directly and make sure the person who called you is legitimate.
6. Don’t Sign Up for High-Priced Fraud Protection
In the panic of the moment, you might be tempted to shell out hundreds of dollars per year for credit monitoring services. Don’t do it. By closely reviewing the information you get free of charge, you can monitor your own accounts. If a company provides the information to you free of charge, make sure to cancel the service before the renewal date.
7. Be Smart About Passwords
You aren’t going to prevent a breach by employing all of the password rules, but you don’t know what kind of information thieves were about to steal. Use strong passwords (random letters and numbers) and change them frequently. Remember, if it’s easy for you to remember, it's probably easy for a savvy cyberthief to crack.
You may also want to take advantage of additional digital security measures such as two-factor authentication that deliver a special one-time code to a trusted device, such as a mobile phone. This provides a secondary layer of protection that requires physical possession of your device before allowing an unknown sign-in to your accounts. Newer types of authentication such as Face ID and Touch ID on iPhones are slowly replacing passwords as a legitimate means to grant a person access to sensitive financial information.
The Bottom Line
If you haven't been a victim yet, act proactively to make yourself less vulnerable. If you have, don’t panic. It’s going to take time to clear everything up, but you won’t pay for any charges that weren’t yours. Call your credit card company, tell them about any incorrect charges and be patient as it works to clear them from your account. In the meantime, continue monitoring your credit report and credit card bills for any further signs of unauthorized activity.
- Capital One. "Information on the Capital One Cyber Incident." Accessed June 26, 2020.
- Marriott International. "Marriott Announces Starwood Guest Reservation Database Security Incident." Accessed June 27, 2020.
- Facebook. "Security Update." Accessed June 27, 2020.
- Identity Force. "2018 Data Breaches: The Worst Breaches of the Year." Accessed June 26, 2020.
- Krebs on Security. "1,025 Wendy's Locations Hit in Card Breach." Accessed June 26, 2020.
- Home Depot. "The Home Depot Completes Malware Elimination and Enhanced Encryption of Payment Data in All U.S. Stores," Page 1. Accessed June 26, 2020.
- Target. "Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores." Accessed June 26, 2020.
- Experian. "Here’s How Much Your Personal Information Is Selling for on the Dark Web." Accessed June 26, 2020.
- Consumer Financial Protection Bureau. "How Do I Get a Copy of My Credit Reports?" Accessed June 26, 2020.