It’s tough to keep your eyes from glazing over when you hear about yet another data breach. After all, there’s been a steady stream of bad news from Target, Home Depot and P.F. Chang’s, to name a few.
But to give you an idea of just how serious the problem has become, the California Attorney General’s Office has released a new report showing that 18.5 million Californians had personal information stolen in 2013, a 600 percent increase from the previous year.
Everyone is susceptible. Take Michael Collins, who’s spent 25 years working in law enforcement in the San Francisco Bay Area. Collins was a victim of the Target data breach. He spent months dealing with police reports, credit card companies, credit freezes and phone calls from collection agencies.
According to Collins, his ordeal began with a simple email alert from Wells Fargo. When he called the company, “I learned that on December 19th and 20th over two dozen credit accounts had been applied for — many successfully — at a variety of large-scale retailers.”
Wells Fargo advised him to contact one of the three credit reporting agencies — Experian, Equifax or TransUnion — to activate a credit alert. Next came a credit freeze at each of the credit reporting agencies.
And then there was the task of notifying each retailer of the fraud. According to Collins, “For every incident of ID theft the retailers needed a copy of my original police report (which listed ALL the retailers affected), along with an affidavit attesting to the fact I had not opened or attempted to open an account with them. It took me until mid-to-late January to get all the paperwork to each of the retailers because every week new credit cards would arrive in the mail and I would learn of yet another retailer with whom credit had been applied for in my name.”
Collins spent dozens of hours of his own time sorting out the mess. While the California Attorney General’s report says that 18.5 million people had their information compromised, it does not detail how many ended up, like Collins, as victims of fraud.
The report highlights the current danger of shopping with a credit or debit card, as 84 percent of data pilfering happened at retailers. California Attorney General Kamala Harris wants action.
“The fight against these kinds of cybercrimes requires the use of innovative strategies by government and the private sector to protect our state’s consumers and businesses,” Harris said in a prepared statement. “I strongly encourage more use of encryption to significantly reduce the risk of data breaches.”
The report makes 10 specific recommendations to businesses and other organizations to prevent future breaches, and two to the legislature to protect consumers and help businesses pay for added security.
For businesses, encryption technology already exists to thwart criminals — it’s a matter of adopting the technology. According to the 2014 Global Cost of Data Breach Study from the Ponemon Institute, companies need to spend $14 million in the next year to make necessary upgrades that will protect consumers from data breaches.
As for consumers, the California report recommends these steps:
- Monitor your credit and debit card accounts for suspicious transactions and report any to the card-issuing bank. Ask the bank for online monitoring and alerts on the card account.
- If a data breach notice says your health insurance or health plan number was involved, contact your insurer or plan and ask them to note the breach in their records and to flag your account number.
- If a data breach notice involves your password or user ID, change both for that account and any other accounts containing the same information.
But as Michael Collins found out, being vigilant doesn’t always prevent fraud. During the weeks it took the credit card companies to investigate the bogus accounts, “I would receive several phone calls every week from collection agencies trying to get me to pay charges on the various cards. In some cases it bordered on flat-out harassment.”
Collins still shops at Target. With cash. And his credit is still frozen.