NEW YORK (MainStreet) — High-profile data breaches are once again in the news, with CareFirst, a Blue Cross Blue Shield health insurance service, and the Internal Revenue Service, which saw 100,000 consumer tax returns compromised, experiencing security breaches in the past 30 days. (Additional reports that Starbucks customers had credit cards compromised were overblown.)
Consumer advocates are once again reminding consumers the bad guys aren't going away.
"Repeated computer-hacking situations this year raise concern among consumers about the safety of highly confidential personal and financial information," says Scott Smith, president of Salt Lake City, Utah-based CreditRepair.com.
Other credit experts agree, and warn consumers against taking the issue lightly. "By the time a data breach is announced, 75% of a credit score could immediately be negatively impacted," says Michael McQuinn, co-founder of Criterion 360, a New York City digital risk management service. "The credit monitoring solutions aren't enough, as the damage is already done. The toothpaste is out of the tube."
The damage can be significant.
"My identity was stolen and a credit card was opened under my name and Social Security number, with fraudulent signature," says Timmy Wahba, co-founder of New York City-based Projective Space, a co-working space for startup companies. "The thieves ran up a bill of $40,000."
"The catch is that I was 18 when this happened," he adds. "Ten years later I am today still fighting my fourth junk debt collector, after multiple successes in proving it was not my debt as victim of identity fraud."
Wahba says he has paid more than $10,000 in legal fees to clear his name, with limited results. "The lesson for me was that there is no relief for the victim," he says.
Banks and card providers are doing a better job of protecting customers' personal financial data, but consumers need to take some responsibility.
"Somebody stole my credit card number back in November 2011 and tried to buy more than $14,000 in goods with it," says Gregg Scott, chief technology officer at InfraSupport, an information technology solutions firm in Minneapolis. "Fortunately for me, none of the transactions went through and U.S. Bank froze the credit card. I found out about the problem later when I tried to buy some equipment for a customer and the card was rejected. I called the bank, they replaced the card, and it didn't affect my credit rating one way or the other."
The cyber thief was never caught and still presumably is hacking other consumer accounts, Scott says, but he's learned a lot from the experience and wants to pass those lessons off to other consumers.
At retail store point-of-sales machines, for example, don't put in a PIN. "Use checking debit card transactions as credit instead of debit, instead, so you don't feed your PIN into the machine," Scott says. "That way, at least if the POS machine is compromised, the bad guys won't have your PIN."
Scott is also a big advocate of using different passwords for different debit and credit card account access, although he acknowledges this can be a "hassle" for busy consumers.
Creditrepair.com's Smith says that, if you've heard of a major data breach such as the one at CareFirst in the news and are a customer of that company, don't hope the issue will blow over. "Those at risk in the scenario of a data breach may want to consider freezing your credit card, if that information has been shared or stored with the company that had its data compromised," he says.
"If you believe you've been a victim of a credit breach, putting a lock on your credit file is also a good idea," Smith adds. "Locking your credit file will ensure that no new lines of credit will be open on your credit file for the duration of time that you set up with the credit bureaus."
— Written by Brian O'Connell for MainStreet