One of the biggest stories over the holidays was Target’s data breach, in which the credit and debit card accounts of more than 40 million customers who shopped between Nov. 27 and Dec. 15 were stolen.
This theft was said to be the second-largest credit card breach in U.S. history.
According to a Kens5 story, the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said. There was no indication the three- or four-digit security numbers on the back of the card were affected or that the stolen data included a customer’s birth date or social security number.
Target responded with an apology and gave customers a 10 percent discount. These customers were also able to get new credit and debit cards.
How could I protect myself from a situation like this?
Data breach prevention should really be done by the company. Check to see if the company website has a privacy statement. Read over it for the stores you go to most often, and make it your business to ask questions and voice any concerns.
You have data protection rights. Read over those also so you’re prepared beforehand for any type of situation where your data is being used incorrectly.
Talk to your bank or credit union as well. Some financial institutions, after the Target incident, put stricter limits on spending. Banking is also becoming more sophisticated nowadays, learning your individual spending habits in order to notify you of suspicious activity. What are your bank or credit union’s policies on protecting your information?
Forbes describes what companies should be doing to protect customer data. Ask about these things at the places you shop:
- You should always make sure your customer data is stored in an encrypted database.
- You should have multi-levels of passwords to access any database storing customer information and change these passwords frequently.
- You should periodically and regularly run background checks on employees handling customer data.
- You should make sure to have malware detection software running on both your servers (hosted or not) and workstations and ensure that your firewalls are up and secure.
- You should review and implement the standard network security health check controls like the ones suggested here.
- You should make sure your Disaster Plan (you have one, right?) has a plan for if a breach occurs.
- And you should have your attorney update your terms and conditions to hold you harmless in the event of a stolen data incident (although that still can’t stop anyone from suing you, you losing that suit or at the very least suffering the same lack of credibility and reputation issues).
The fact is that a data breach can happen anywhere and at any time. Larger companies are probably more targeted, but they also are more likely to have great security measures in place because they want your trust and business.