It’s been almost a year since 70 million Americans learned that their personal data was compromised during holiday shopping at Target. In fact, November 27, 2013, was the date it all started, so have a Thanksgiving toast to financial health if you were not affected!
The Target data breach went on for 3 weeks before it was detected, and Target waited days before notifying the public that their personal information was compromised. It was eventually revealed that cybercriminals in Russia had 11 gigabytes of Americans’ sensitive information.
In retrospect, this breach was a wake-up call to retailers and consumers about the risks that come with the ease that electronic payments provide. In 2011, the SEC issued guidance to companies that fall under its jurisdiction (though ‘SEC guidance’ is a bit stronger than the FDA ‘nutritional guidance’). Public companies are now responsible for knowing when data breaches occur, informing affected individuals, and taking steps to prevent such breaches.
Although you can get some comfort from the SEC guidance, the SEC is a large, slow-moving government organization that is operating on a tightened budget. Proposed regulations get pushback as being anti-business. Retailers and the financial institutions that issue credit cards can’t agree on who bears responsibility for the cost of data breaches. After all, credit cards can be embedded with chips to reduce data theft. Such cards have been used with success in Europe, but the cost to the issuer has made them less popular here. But you may be seeing them soon from your credit card issuer – Target itself will introduce them in 2015.
Aside from returning to cash transactions, how can you protect yourself? By now, we should all know that account numbers and passwords should never be sent in an unencrypted email. What you may not know is that there have been numerous cases of false withdrawal requests showing up at financial institutions. This usually happens after a cybercriminal has hacked into your email account. For this reason, your advisor at APCM will verbally confirm all withdrawal requests with the account holder. Although we recognize the ease of electronic communication, this extra step is essential to protecting your assets.
Criminals seem to be ahead of regulations in this area, so it is really in your best interest to proactively protect your data. In a future blog, we’ll discuss steps you can take, including password management software, credit freezes, and selectively using a separate credit card for online, retail, and travelling transactions.
Chief Compliance Officer