In The News

Home Depot, Target and Other Security Breaches – Your Rights

Over the past couple of years, there have been major security breaches at some of the largest retail companies and financial institutions concerning data breaches of the personal financial information of millions of consumers. As of this posting, Home Depot has just notified millions of customers of a breach involving their records.

When financial institutions, retailers, and others responsible for client information have that information stolen through their negligence, they can be liable for the damages that result. However, when we learn that our financial information potentially has been compromised in a security breach, seeking to hold the institution or company liable should not be the first thing we consider. Instead, we should think about what we can do to protect our own security. Here are actions that can be taken:

  • Creating unique user ID and passwords. It’s not a good idea to use the same user ID and password for multiple accounts. Instead, the safest way to engage in online transactions is to keep a paper list of all user name and passwords, and to have separate passwords for every site. Longer passwords that involve numbers and upper and lowercase letters and which do not contain obvious information (such as the name of children and birth dates) are better. Consider using variations of easy to remember catchphrases, such as1liK3toEatmcD0nalD5fr3nCHfr13s. 
  • Monitor your credit card bills carefully.  While consumers typically have no or minimal liability for fraudulent credit card purchases, you should nonetheless monitor your credit card bills carefully, as often there is a limited time in which to notify the company that a credit card charge is fraudulent.
  • Consider credit monitoring when offered for free by companies who have sustained security breaches.  Some companies who have sustained a security breach will offer free credit card monitoring to consumers who may have had their information stolen. If you receive such an offer from a company, consider accepting it, and signing up for such monitoring.  You will then be notified when someone attempts to gain credit (such as through a credit card) in your name.
  • Notifying the major credit agencies to put a “freeze” on your account.  You can separately notify the three major credit agencies to put a “freeze” on your account, and instruct them to convey information that any credit extension requests should be denied until a certain time period.  The benefit of this approach is that any company that contacts the credit agency (which will include virtually all credit card companies and companies such as furniture stores and car dealerships) will be told there is a freeze on your account, and credit should not be extended.  This approach can be highly effective in preventing wrongful credit extension.  The disadvantage is that you will need to keep making such requests, and if you need credit for an unexpected purchase, you yourself may be denied credit.

Future Ramifications of Security Breaches

While we probably can’t ensure criminals won’t ever steal our information for identity theft purposes, we can take reasonable measures to combat these illegal actions and make it much harder for them to succeed.