Feature

Shopping: The growing danger of retail hacks

This month big-box retailer Target revealed that up to 110 million customers’ personal information was hacked before the holidays.

“In the battle between hackers and retailers, it sure looks as though the hackers are winning,” said Joe Nocera in The New York Times. This month big-box retailer Target revealed that up to 110 million customers’ personal information—-including names, addresses, phone numbers, and PINs—was hacked before the holidays. Since then we’ve learned of breaches at Neiman Marcus and other U.S. merchants. Security experts have determined that the attack on Target was almost certainly the work of “extremely sophisticated” Russian hackers using malware that grabbed data at the “moment of maximum vulnerability,” when customers swipe their cards and their magnetic stripes “yield all the information the hacker needed.” The obvious fix is for the U.S. to do what virtually every other country in the world has done: switch to cards embedded with far more secure chips.

Multiple investigations into the hacks are underway at the federal and state levels, said Amrita Jayakumar and Hayley Tsukayama in The Washington Post. But whatever they find, there’s no doubt that you should “keep an eye out for any strange transactions” on your credit and debit cards. There’s no all-clear for data breaches of this nature: “Hackers who take big swaths of data like this sell them to criminals, so your information could stay on the marketplace for a while.” Target says it encrypted customers’ PINs before they were stolen, but “debit card users may want to take the precaution of calling their banks to get their PINs changed.” Report any fraudulent or suspicious charges to your bank or card issuer, and scrutinize any emails “that appear to come from your bank or Target.” Numerous reports have surfaced about phishing scams that masquerade as customer support in sometimes quite ingenious attempts “to trick people into parting with personal information.”

There’s still “no federal law that requires disclosure of security breaches,” said Pamela M. Prah in USA Today. But most states do require companies to inform consumers when their data has been compromised. California’s laws are the strongest, laying out a catalog of data breaches that companies are required to report. California has also passed laws requiring businesses to give more detailed disclosures about their privacy policies and what information they gather from online consumers. Given the number of security incidents we’ve seen lately, these are all laws “that other states are expected to consider this year.”

Recommended

What OPEC's latest move means for Biden and Putin
A gas line.
Picture of Joel MathisJoel Mathis

What OPEC's latest move means for Biden and Putin

Thailand daycare massacre leaves 37 dead, including children
Police guards daycare
tragedy

Thailand daycare massacre leaves 37 dead, including children

Brittney Griner is 'very afraid' and at her 'weakest moment,' wife says
Brittney Griner
#FreeBrittney

Brittney Griner is 'very afraid' and at her 'weakest moment,' wife says

The uneven effects of climate change
Scales.
Briefing

The uneven effects of climate change

Most Popular

Survey reveals less than half of Americans plan to get flu shot this season
influenza vaccine syringe photo
Masks trump flu vax

Survey reveals less than half of Americans plan to get flu shot this season

Russian war bloggers warn Ukraine is threatening Kherson defensive lines
Ukraine inroads in Kherson
War on the Rocks

Russian war bloggers warn Ukraine is threatening Kherson defensive lines

Lizzo invited for an encore flute performance at James Madison's home
Lizzo
play it again sam?

Lizzo invited for an encore flute performance at James Madison's home