It’s been almost five years since the retail world was rocked by the Target data breach, an event that affected millions of US consumers’ credit card and debit card accounts.
The card numbers were stolen by cybercriminals due to malware installed in the point-of-sale system. Since that time, some other major-name companies have experienced similar data breaches. In the most recent event, a hack that stole customer information from Hudson’s Bay Company (the parent company of both Saks 5th Avenue and Lord & Taylor) shows that the same method of attack that affected companies like Target and Home Depot are still being employed.
A security company called Gemini Advisory discovered a trove of stolen credit card information for sale online on March 28th. Analysis of the card numbers showed that they’d been used at stores owned by Hudson’s Bay Co., which led the retailer to look into the matter. While the investigation is still underway, Gemini Advisory feels that the 5 million stolen card numbers most likely were accessed via malware infecting the stores’ point-of-sale (POS) systems. That malware may have originated as a phishing email sent to company employees; clicking on the link in the email would then install the harmful software in their network and, from there, the hackers could have gained access to the credit card machines at the chain’s cash registers.
An official statement from one of Hudson’s Bay Co.’s retailers says no highly sensitive data like Social Security numbers or birthdates was accessed. By data breach laws, though, they are offering all affected customers free credit and web monitoring services and assured the victims that they will not be responsible for any fraudulent charges on their affected credit or debit cards.
Consumers can take further steps though, and these additional measures are always a good idea. It’s beneficialto set up purchase alerts or “card not present” alerts on your credit or debit card by contacting the issuing financial institution. This step will ensure you receive an emailed or texted alert any time your card is used without being physically present at the cash register, which is one way that criminals can use stolen card numbers. That means you can immediately see if your card is being used and call the financial institution before you get your statement.
We know you’ve heard to check your statements, but honestly we also know that most card users tend to just file them away. If you think that your data may be included in the breach, your statement will tell you if someone else is using your payment account info. Some issuers have a limitation on fraudulent charges, so better to stay on top of it then to get stuck with them.
Finally, remember to change your passwords and pin numbers on any accounts associated with that card. As always, be sure you’re only using that password on one account to keep criminals from accessing any other accounts you own.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.