Feature

Shopping: The growing danger of retail hacks

This month big-box retailer Target revealed that up to 110 million customers’ personal information was hacked before the holidays.

“In the battle between hackers and retailers, it sure looks as though the hackers are winning,” said Joe Nocera in The New York Times. This month big-box retailer Target revealed that up to 110 million customers’ personal information—-including names, addresses, phone numbers, and PINs—was hacked before the holidays. Since then we’ve learned of breaches at Neiman Marcus and other U.S. merchants. Security experts have determined that the attack on Target was almost certainly the work of “extremely sophisticated” Russian hackers using malware that grabbed data at the “moment of maximum vulnerability,” when customers swipe their cards and their magnetic stripes “yield all the information the hacker needed.” The obvious fix is for the U.S. to do what virtually every other country in the world has done: switch to cards embedded with far more secure chips.

Multiple investigations into the hacks are underway at the federal and state levels, said Amrita Jayakumar and Hayley Tsukayama in The Washington Post. But whatever they find, there’s no doubt that you should “keep an eye out for any strange transactions” on your credit and debit cards. There’s no all-clear for data breaches of this nature: “Hackers who take big swaths of data like this sell them to criminals, so your information could stay on the marketplace for a while.” Target says it encrypted customers’ PINs before they were stolen, but “debit card users may want to take the precaution of calling their banks to get their PINs changed.” Report any fraudulent or suspicious charges to your bank or card issuer, and scrutinize any emails “that appear to come from your bank or Target.” Numerous reports have surfaced about phishing scams that masquerade as customer support in sometimes quite ingenious attempts “to trick people into parting with personal information.”

There’s still “no federal law that requires disclosure of security breaches,” said Pamela M. Prah in USA Today. But most states do require companies to inform consumers when their data has been compromised. California’s laws are the strongest, laying out a catalog of data breaches that companies are required to report. California has also passed laws requiring businesses to give more detailed disclosures about their privacy policies and what information they gather from online consumers. Given the number of security incidents we’ve seen lately, these are all laws “that other states are expected to consider this year.”

Recommended

SecDef draws ire of GOP after missing Afghanistan weapons report deadline
Afghan soldiers in captured American vehicle
the dog ate it

SecDef draws ire of GOP after missing Afghanistan weapons report deadline

Chinese have most trust in institutions, new survey shows
U.S. Capitol
democracy out, authoritarianism in

Chinese have most trust in institutions, new survey shows

Relief ships will take 3 days to reach Tonga
HMNZS Aotearoa
help sets sail

Relief ships will take 3 days to reach Tonga

World's 10 richest men doubled their wealth during the pandemic, Oxfam reports
Elon Musk
Everybody knows

World's 10 richest men doubled their wealth during the pandemic, Oxfam reports

Most Popular

Omicron may be headed for a sharp drop because so many people are infected
Dr. Janet Woodcock
Omicron Blues

Omicron may be headed for a sharp drop because so many people are infected

California deputy DA opposed to vaccine mandates dies of COVID-19
Kelly Ernby.
covid-19

California deputy DA opposed to vaccine mandates dies of COVID-19

Will 2022 bring another Miracle on Ice?
The Miracle on Ice.
Samuel Goldman

Will 2022 bring another Miracle on Ice?