Target Credit Card Breach! What should I do?

 

Target Credit Card Breach!  What should I do?

 

By now many of you have seen the bad news about Target and the credit card breach.  (See article below)  Since i am one of the millions of customers that shopped at Target during this credit card information breach, what should I do?  Below you will find  helpful advice from the Oregon department of Justice.  I would also recommend that you contact your credit card provider  and seek their advice.

 

Here’s some tips from the Oregon Department of Justice if you think your personal information may have been compromised:

Step 1: Notify the Credit Bureaus
Request a fraud alert from one of the credit bureaus. This tells banks and other creditors to take extra steps to verify your identity before issuing credit in your name.

A fraud alert is free and will last 90 days unless you request an extended seven-year fraud alert and provide a police report. You’ll also get a free copy of your credit report, which you should review carefully.

To request a fraud alert, contact one of the three nationwide credit bureaus.
Equifax: 1-800-525-6285
Experian: 1-888-397-3742
TransUnion: 1-800-680-7289

Oregon’s Attorney General also advises you report suspected identity theft to the Federal Trade Commission.

Step 2: Consider a Security Freeze
A security freeze stops access to new credit in your name. Placing a security freeze prohibits credit reporting agencies from releasing any information about you to new creditors without your approval, making it difficult for an identity thief to use your information to open an account or obtain credit.

Step 3: Monitor Your Credit
Continue to review your credit reports every few months. Your private information that was released in the security breach may not be used right away. You can request a free credit report annually.

Step 4: Notifying Law Enforcement
Most law enforcement agencies will not issue you a police report until your private information is actually used by an ID thief. If you have any suspicion that your information is being used by a thief, contact local law enforcement immediately.

Step 5: Protect yourself from ID theft online
Oregon has a list of measures you can take to protect passwords and sensitive information you use online.  They include not using unsecured Wi-Fi networks and being aware of viruses and spyware.

Customers who have any questions about the security breach can call Target at 866-852-8680 or visit Target’s website

 

 

 

Target says 40 million credit, debit card accounts may be affected by data breach

 

 

Published December 19, 2013

Associated Presstarget

MINNEAPOLIS –  Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.

The chain said that accounts of customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have been exposed. The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. The data breach did not affect online purchases.

The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter and prevent future breaches. It said it is putting all “appropriate resources” toward the issue.

Target Corp. advised customers to check their statements carefully. Those who suspect there has been unauthorized activity on their cards should report it to their credit card companies and call Target at 866-852-8680. Cases of identity theft can also be reported to law enforcement or the Federal Trade Commission.

Target didn’t say exactly how the data breach occurred, but said it had since fixed the problem and that credit card holders can continue shopping at its stores.  When asked whether there’s a certain time when shoppers know  their accounts will no longer be vulnerable, a Target spokeswoman said,” We encourage everyone to be vigilant.”

But news of the breach comes at the height of the critical holiday shopping season and threatens to scare away shoppers worried about the safety of their personal data. The November and December period accounts for 20 percent, on average, of total retail industry sales.

For Target, the security breach is a particular black eye because it has used its red credit and debit cards as a powerful marketing tool to lure shoppers at a time when the discounter has had an uneven sale performance since the recession.

Since 2010, Target has offered shoppers who use its cards 5 percent off on purchases and has rolled out other incentives like free shipping for online customers. The company said during its earnings call in November that as of October the percentage of customers who have the Target branded cards topped 20 percent. This holiday season, Target added other incentives to use its cards. Two days before Thanksgiving, Target.com ran a special review sale with 25 exclusive offers, from electronics to housewares  for those who used the branded card.

As a result of these incentives, Target says its continues to see that households who activate a Target-branded card have increased their spending at the store by about 50 percent on average.

“This is how Target is getting more customers in the stores,” said Brian Sozzi, CEO and Chief Equities Strategist. “It’s telling people to use the card. It’s been a big win. If they lose that trust, that person goes to Wal-Mart.”

Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx and Marshall’s, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn’t detected until December 2006. In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.

An even larger hack hit Sony in 2011. It had to rebuild trust among PlayStation Network gamers after hackers compromised personal information including credit card data on more than 100 million user accounts. Sony was criticized for slowness in alerting users to the breach.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” Chairman, President and CEO Gregg Steinhafel said in a statement Thursday.

Target has 1,797 U.S. stores and 124 in Canada.

Considerations Regarding Identity Theft From A Financial Management Prospective Part 4

Considerations to Protect
Personal Information

  • · Avoid email providers that have a bad record on hacking.
    · Have good password policies.
    ·Consider “two step verification.”
    ·  Be careful with security questions.
    · Password/encrypt transmitted documents.
    ·  Don’t click on links in emails.
    ·  If concerned, consider a “security token” and verbal password on financial accounts (if possible).
    ·  Have good virus and malware protection. And, keep your operating system up-to-date.
    ·  Act promptly if fraud is detected to secure all accounts.
    ·  Consider a credit monitoring service.
    · Periodically review credit report.

Conclusion
With all of this said, the most reasonable conclusion is likely to just have a heightened sensitivity for this topic and be careful with your passwords and security questions. If you ever suspect a problem, or just want to be proactive, we can talk about initiating some of the other items.
Please feel free to call any of us if you would like to discuss.
 
*    *    *
 
This review was prepared by Edward B. Aufman, CFP and William J. Gaffey, CFA.
Aufman Associates Inc.
Financial Management | Personal Financial Counseling
www.aufmanassociates.com
© 2013 Aufman Associates Inc.

Considerations Regarding Identity Theft From A Financial Management Prospective Part Three

Actions to Take In the Event of Attack
Once armed with information, an attacker can do a lot of damage very quickly… or at least a lot of inconvenience. Please let us know right away. If necessary we will notify Schwab (or provide direction for other investment accounts) to lock down the account.
Another step is to make phone calls and get fraud alerts on all other accounts. Then, put a fraud alert on the credit reports.
It will be necessary to work with the financial company to eliminate the account that was opened. Since identity theft can happen quickly, this could be a number of accounts.
It is sometimes necessary to create an “identity theft report” which is the combination of an affidavit and police report. This is used to prove that you are not obligated on the account that was illegally opened.
The credit report should be reviewed to make sure all aspects are cleaned up.

Credit Monitoring Service
A proactive measure is to use a service like LifeLock. This is a monitoring service that watches your credit report. You are alerted each time your credit report changes and you approve or disapprove of the change. If the change is wrong or is fraud / identity theft, LifeLock helps to quickly resolve the problem. The website address for LifeLock is www.lifelock.com.
It also makes sense to periodically review your credit report. You can do this via LifeLock or for free at www.annualcreditreport.com. Whenever requesting a copy of the credit report, be careful not to accidentally sign up for a monitoring service that you do not want.

Considerations Regarding Identity Theft From A Financial Management Prospective Part 2

 

 

 

Financial Accounts
In some cases, where we suspect a problem, we will put additional security measures on financial accounts. For example, Schwab offers a “security token.” This is a little keychain device (“key fob”). You press a button on the keychain and a number appears. Every time you log into Schwab it will ask you for a token number in addition to your password. Each time you press the button on the device you get a fresh number.
If we are very concerned, it is also possible to assign a verbal password… so if somebody calls Schwab they need the verbal password to do anything. Usually the steps in this paragraph are not needed and the default security measures are okay… but we will typically do these extra steps when fraud attempt is detected.
When accessing any financial account online, always verify that the connection is secure. This is typically indicated by a padlock icon next to the web address or at the bottom of the browser window.
Only access financial accounts via that company’s website. Do not click on links in emails because this could take you to a cloned site designed to get your personal information. 

 

Malware and Viruses
While we see the most problems with email hacking, there is also potential risk via malware and viruses. Therefore, make sure you have good updated virus and malware protection (one that costs money – not a freebie). Also, keep your operating system up-to-date. When Windows (or Mac OS) tells you to update, you should… because once they offer a security update, it is an announcement to attackers to focus on the weakness they are updating.
If you would like to talk about this in greater detail, please feel free to call and we can summarize what we think are good practices in the area of computer protection. While we are not computer experts we can summarize our experiences and/or direct you to appropriate sources.
As much as I like traditional PC computers (Dell etc.), I have seen a lot more struggles on PC than with Mac/Apple. For business application there is often not much choice. But for home use an Apple product could be the best solution. An expert explained to me that it comes down to numbers- there are more PCs in the world so the attackers go after PCs.

Considerations Regarding Identity Theft From A Financial Management Prospective

 

We are pleased to present a four part review of considerations regarding identity theft, from a financial management prospective. This review was prepared by Edward B. Aufman, CFP and William J. Gaffey, CFA.
Aufman Associates Inc. www.aufmanassociates.com
© 2013 Aufman Associates Inc.

Considerations Regarding Identity Theft
Traditional financial planning topics include retirement, tax, investments, etc. Thanks somewhat to overseas pests, it is more important than ever to include “identity protection” in the list. This letter outlines our thinking on various topics surrounding identity theft and financial fraud.
First let’s begin by saying that we do not want to communicate that this is a huge risk that should cause all of us to hunker down and stop using computers. Nor do you need to feel obligated to do all the items mentioned in this letter. We just need to be careful and logical. So, we will outline below a lot of different things solely for the purpose of keeping you well informed.
This article is a summary of our observations, experiences, and notes from various experts. This article was prepared for our clients, but we would like to share with others… not to be the expert on this topic… but just to share thoughts on an important issue we should all address together.

 

  • Part (One)

Email Accounts
The biggest risk we have seen is via hacked email accounts. Typically somebody outside the country initiates this attack. Our observation and understanding is that they target the big email providers. They look for weak passwords. Once they have a password they either use the account to gain information… or in some cases sell the ID and password on illegal online auctions. The attacker monitors your email account and gains information. They can then use this information to commit fraud such as wiring money out of your financial accounts. Or, they can commit identity theft and set up accounts using your info.
Our firm has procedures to watch for unusual emails. We have received an increasing number of fraudulent emails that request unusual wires. These emails appear to come from the client, but are actually attackers. In all cases we have quickly identified the fraud and reported it. Without 100% of your personal information, it would be difficult for an attacker to actually succeed, given all the security measures in place. But it could happen.
We don’t want to slow down the process by being overly cautious… but it certainly makes sense to have an increased sensitivity to information being processed over email. In particular, account numbers and Social Security numbers should be protected. When we transmit a form that has this information, we will password encrypt using Adobe pdf. This is a very simple and effective solution. We will communicate the password verbally (not over email). Also, we will minimize the amount of personal information that transmits.
When returning a signed form to our office, fax is the most secure. If sent over email, consider assigning a password to the pdf document. The rationale is that if your account has been hacked (and you don’t realize) you don’t want the hacker to see your signature.
Since the risk largely lies in an attacker gaining your password to your email account, we recommend using a secure password that includes upper case and lower case letters. Keep the password random. Also, if allowed, use special characters like $, !, %. This makes it more difficult to hack the account. In addition, periodically change the password (every three to six months).
There are also security questions tied to email accounts. For example, if you forget your password, they will ask a secret question like “what is the name of your first pet.” You should make sure these are very unique and are something an attacker could not guess.
Some email providers allow “two step verification.” When an attempt is made to login from a different computer or device, a code is first sent out and you must approve the access on the new machine. This is a very good safeguard.

 

Part 2 Coming Soon !!!

Identity Theft IQ Test

 

 Hmmm...

 1.       What is the number one method of criminals obtaining your personal information?

a.       Ease dropping

b.      Dumpster diving

c.       Hacking your computer

d.      Mail box

 

2.       Which Items below are tools to protect your Identity?

a.       Shredding

b.      Locking your mail box

c.       Strengthen your passwords

d.      A &  B

e.      All of above

 

3.       Which state per capita had the highest Identity theft in 2011?

a.       Indiana

b.      Nevada

c.       Florida

d.      Georgia

 

4.       Where did Indiana rank in identity theft crimes in 2011?                               

a.       12

b.      33

c.       49

d.      23

 

5.       Children are at risk to Identity theft.

a.       True

b.      False

 

6.       Tax time is a dangerous time for Identity theft due to thieves taking W2 forms out of mail boxes.

a.       True

b.      False

 

7.       Phishing is a growing cause of Identity theft.

a.       True

b.      False

 

8.       The Following steps should be taken if you think your Identity has been stolen.

a.       Place an initial fraud alert

b.      Order Your Credit Report

c.       Create an Identity Theft Report

d.      C & B

e.      All of the above

 

9.       Free information on identity theft is available from the Federal trade commission on the web.

a.       True

b.      False

 

10.   You can get a free kit to host a party on protecting your identity on the FTC site.

a.       True

b.      False

 

 

 

 

 

Answers:

 

1.       B. Dumpster diving

2.       E. All of the above

3.       C. Florida

4.       B. 33

5.       A. True

6.       A. True

7.       A.  True

8.       E.  All the above

9.       A. True

10.   A. True

 

 

 

Do You Treat Your Identity Like Garbage?

id2 

Fictional

truck

Spring is in the air and I love this time of year.  For me it is a bit like Christmas from an identity theft standpoint.  It is the time of year when people clean and purge. They clean out the garage, basements and home offices. Trips to the goodwill and oh yes many trips to the garbage and that is where I come in.  You see, I am in your neighborhood every week and I can’t help but notice what you are throwing away.  I am your garbage man.

 I am an expert at seeing treasures in your waste streams.  That box of old papers, letters rubber banded or clipped together and my personal favorite, junk mail.  With my experienced radar eyes I can spot it a mile away and dumpster diving is not a crime.  I even get paid to, well, let’s just say“ handle” your trash.  So if I see something of interest, I simply set it aside so that I can take my time looking through your papers for social security information, licenses and other important numbers and of course your signature is always good to have.  Junk credit card offers are a gold mine of information.  It’s like unwrapping gifts.  And, if I don’t find what I’m looking for this week not to worry, I will be back next week.

 Don’t get taken by this guy.  Follow the simple tips below:

It is a great time for Spring cleaning! Many people take this time to get better organized.  I found an excellent article on organizing your financial documents by Suze Orman in O magazine.  So what does this have to do with Identity theft, see the highlighted paragraph below and please take her recommendations…… Shred!!!  After all, thieves know our patterns too and they will be looking for us to make mistakes with critical paper work.  Let’s be disciplined and always keep a container around for paper work that should be shredded whether it is spring or not. Don’t become a statistic and have a wonderful spring cleaning!

 Suze Orman’s Spring-Cleaning: Overhaul Your Files and Finances

By Suze Orman

First, Organize.

ophrah
Let’s begin by gathering up your docs. Pull out stray files, snatch the latest round of bills, and empty that overflowing kitchen or office drawer stuffed with papers you’ve been meaning to get to for ages. Sort everything into six piles:

  • Monthly Bills, Bank Statements, and Pay Stubs
  • Investment Statements (pension updates, 401(k) statements, brokerage and fund statements, and so forth)
  • Tax Returns and Supporting Docs
  • Policy Documents and Deeds (insurance policies, home deed, car title…)
  • Warranties and User Manuals
  • Forever Docs (things like marriage license, will, birth certificate)

Next, create a folder for each type of document (except forever docs; see next paragraph) and add new papers as they come in. Then create folders within the folders: Take ongoing bills, for example. Store all gas bills in one folder, electricity bills in another, cable bills in a third, and so on. If possible, keep all folders in a fireproof, water-resistant file cabinet or box; if not, a drawer or shelf will do.

It’s an entirely different ball game for the forever docs. Because of their importance, they must be put in a portable fire- and water-resistant home safe or file container—something that you can grab at a moment’s notice. Why not a bank deposit box? Because you don’t have access 24/7. If, God forbid, you die or become incapacitated, your relatives may not be able to access it; besides, the maintenance fee is a waste of money compared with the onetime cost of buying a safe.

For everything you’re sending to the trash, I have one word of advice: shred. The FTC estimates that up to nine million Americans each year are victims of identity theft, in which personal documents are stolen and the data is used to run up charges on existing accounts or to obtain new credit or debt. That can wreak havoc with your financial life, and low-tech Dumpster diving—where a crook rifles through your garbage to find financial data—remains a big risk. At about $150 a pop, a crosscut paper shredder is a great investment; it will make mincemeat of any important papers.

Okay, now we’re ready to tackle each of the piles. (If you ever need a reminder, I also have a cheat sheet on my website, SuzeOrman.com/FinClutter.) Here we go….

Read more: http://www.oprah.com/money/Suze-Ormans-Spring-Cleaning-Overhaul-Your-Files-and-Finances_1/2#ixzz2NJzU3wUb

 

Identity Theft 101 – Dumpster Diving

Identity Theft 101

 

I found a great resource on the life lock website:  http://www.lifelock.com/education/. The site defines Identity theft,  the latest ways people steal it, data by state and other pertinent  articles.  While the sites purpose is to sell lifelock  services , it does not strong arm you into buying anything.  It is very easy to navigate and a great resource on the topic of identity theft. The following are a few excerpts from the site:

 

 

Dumpster Diving

Despite all the high-tech innovations and advancements available to identity thieves, old-fashioned “dumpster diving” – literally digging through your trash – remains a popular method for stealing large amounts of your personal information.

 

Will thieves really go through your garbage?

Absolutely. Why? Because Americans receive over 4 million tons of junk mail each year1, and much of this mail – such as pre-approved credit cards, credit card bills, and bank statements – includes your personal information. Dumpster-diving identity thieves root through your trash because they know the documents you discard as garbage contain personal identity information that can be spun into gold when used in a variety of illegal manners.

How big of a threat is Dumpster Diving?

Identity theft remains one of the fastest-growing crimes in America2, and, based on the reports of identity theft victims, it was claimed that 88% of the information collected by thieves was obtained through dumpster diving.3                                 

The lifelock  site also has a great interactive map. Simply click on your city and state to view pertinent information as it relates to identity theft & fraud in your area

 

Identity Theft & Fraud in Indiana

National Rank for Identity Theft Complaints
33rd

Number of identity theft complaints in 2011.
3,555

Top three identity theft types:

  • Government documents or benefits fraud
  • Phone or utilities fraud
  • Credit card fraud

I hope this article was of interest to you.  I give this site a thumbs up!   http://www.lifelock.com/education/

Colo. waitress gets own stolen ID when carding patron

 white lady

Busted!!

 

Take a look at this shocking story reported on Fox News where a waitress working in a restaurant asked a patron for ID to verify her age and then received the shock of a life time. When the waitress looked at the license that she was given she realized that it was actually her license that had been stolen a month ago.   

 

Read more: http://www.foxnews.com/us/2013/03/07/colo-waitress-gets-own-stolen-id-when-carding-patron/#ixzz2Mwiauk3c