With all of the media surrounding the Target, Neiman Marcus, and, now, Michaels data breaches (and potentially other retail outlets), it can be overwhelming to determine what you should do to protect yourself. Even though you can't prevent a breach, there are steps you can and should take to prevent future headache and harm.
This is an important alert to read even if you weren't a victim of the recent breaches. As privacy and security professionals say on a regular basis, data breaches aren't a question of "if", they are a question of "when." It is best to be prepared and proactive.
1. Monitor your accounts. Check the financial account(s) you used to make your purchase at the breached retailer on a regular basis – preferably online. Don’t wait for the monthly statement. If there is any charge -- including a very small charge -- that you did not make or authorize, call the financial institution immediately.
2. Credit cards are better than debit cards. Always. If you used a debit card at the breached retailer, call your financial institution and request that they issue you a new card (if they haven't already). And in the meantime monitor your account closely and report any loss as soon as you notice it.
For more information on the risks of using debit cards, see PRC's website here.
3. Take advantage of free credit monitoring services, BUT realize their limitations. In the cases of Target and Neiman Marcus, they are each offering a single-bureau monitoring service (there are three credit bureaus). This can be helpful if someone gains access to your Social Security number and tries to open a new account in your name, but it does not protect you against other forms of fraud.
Go directly to https://creditmonitoring.target.com to sign up for the service Target is offering. You will find Neiman Marcus' service here: https://www.protectmyid.com/nm.
4. Watch out for fraudsters. If you follow these general rules, you will largely reduce your chances of falling victim to common scams.
- Never give sensitive information out to anyone who calls you. Chances are no breached company is going to call everyone whose records were breached—even if your caller ID says otherwise. It's safe to say the same applies with any law enforcement or government agency, bank, or other entity that may have a reason to need sensitive information.
- Watch for fraudulent emails. Don't open attachments unless you BOTH trust the sender and are expecting an attachment from them. Don’t respond to an email asking for any sensitive information even if it looks official.
5. Keep up with your credit reports. It doesn't matter if you've been the victim of a data breach, you are entitled to one free credit report per year from each of the three credit bureaus. We recommend spacing them out and ordering one report every four months. Only do this through the official site, https://www.annualcreditreport.com. Don’t fall for websites with similar names.
For additional tips, including how to file a complaint if you are dissatisfied with how your debit card or credit card company has dealt with any suspicious charges or debits, contact the Consumer Financial Protection Bureau.