In the Office of Personnel Management breach and the Anthem healthcare breach—just to name two of the record-setting numbers of data breaches that happen each year—millions of US citizens had all of their highly-sensitive personal identifiable information (PII) stolen by hackers. This data included names, birth dates, Social Security numbers, and in some cases even fingerprints, which virtually handed over these citizens’ entire identities to criminals.
In the face of such alarming breaches, it’s all too easy to forget that data breaches happen almost every day, even though they’re on a smaller scale. Retailers have been hard hit by individuals who want to nab everything from usernames and passwords to credit card information. But the alarming trend of consumer complacency where data breaches are concerned has privacy experts concerned.
A hacker doesn’t have to go for the winning combination of your name, birth date, and Social Security number in order to do serious damage to your identity and your credit. But too often, consumers fail to take the threat of a retail data breach seriously; one Ponemon Institute study found that 32% of consumers ignored a data breach notification letter, even though 25% of the letters sent out that same year offered identity theft protection services for free.
What could be behind this trend of “data breach fatigue?” It’s too easy to assume it’s merely business-as-usual in consumers’ minds, although the sheer numbers of breaches could easily make consumers believe there’s nothing they can do to prevent identity theft.
More worrisome is the perception outlined above. Unless the victims’ complete identities have been compromised, they’re less likely to take action. If it’s only some credit card information that was stolen—as in the recently discovered retail data breach involving Eddie Bauer’s point-of-sale payment systems in an undisclosed number of their physical stores—consumers may erroneously believe that they won’t face any threat. Their credit card companies will waive any fraudulent charges and then issue new cards, right?
Not necessarily. If your existing card was hacked and new charges appear on that cared, then your bank or credit card company will take the necessary steps. But if that card information is used to open new accounts in your name—known as “new account fraud”—then you may be responsible for more charges, and you will have to do some legwork in order to get those accounts closed and get them removed from your credit report.
No matter how big or small, whether it was a major cyberattack that stole all of your personal information or just a compromised credit card payment system, the threat of identity theft is very real and must be treated as such. Follow the steps outlined in a notification letter, and watch for news of breaches like the Eddie Bauer breach in order to stay on top of your data. Be sure to request copies of your credit reports regularly in order to monitor them for suspicious activity.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.