New York (AP) — It's an almost weekly occurrence: On Tuesday, Goodwill said its computer systems may have been hacked, leading to the possible theft of customers' credit and debit card information. The nonprofit agency, which operates 2,900 stores in the U.S., said it is working with federal investigators to look into a possible breach.
That follows news over the weekend that Vendini, an event ticketing service, had settled a class-action suit related to a data breach in 2013. For many people who had ordered tickets through the service, an e-mail about the settlement was their first notification that their information had been compromised. In the last year, major companies like Target, LinkedIn, eBay and Neiman Marcus have also been hacked.
The incidents are especially troubling to consumers as online and mobile shopping continues to grow. People aren't likely to stop using their credit and debit cards any time soon, and as data breaches become increasingly common, consumers don't often know what to do when a company they've done business with experiences a breach.
Here are five ways you can avoid becoming a victim of identity theft, even if your data has been compromised:
- Monitor your bank statements. The easiest and most effective way to make sure someone hasn't made fraudulent charges to your account is to keep a close tab on your bank statements. Gartner analyst Avivah Litan recommends checking at least once a month, if not more, for any suspicious activity. If you find something that doesn't seem right, call your bank right away.
- Use a credit card, not a debit card. Government regulations protect you from liability for fraudulent charges over $50 when you use a credit card or a debit card with a signature, not a pin number. But if you use a debit card with a pin, the regulations are murkier, and you may end up being liable for some charges. "The best tip to avoid problems on your existing accounts is not to use debit cards, because not only is the credit card law better, but your own money is not at risk with a credit card," says Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group.
- Get free credit monitoring. Concerned consumers can pay an organization for credit monitoring, but the government offers three free credit checks a year, something consumers should take advantage of, says Litan. The reports will show if any loans or new credit cards have been taken out in your name. Here's where to find free credit reports: https://www.annualcreditreport.com/index.action. Also, companies that have had a data breach often offer to pay for customers' credit monitoring. Target, for example, offered one year of free credit monitoring, including identity theft insurance, to Target shoppers after its data breach last year.
- Bank smarter. Many banks offer a service that sends an email alert when any major changes —or charges— are made to a customer's account. The alerts can be very helpful in detecting identity theft. If you want to be extra cautious, don't make money transfers online or pay bills electronically —use a check. "Paper is much more secure," says Litan. Also, experts recommend changing your passwords often. And never use the same password for banking that you use for lower-security websites. Non-banking sites tend to be easier to hack.
- Don't rely on companies. Vendini, the latest company to report a data breach, on Friday scored a rare settlement for a class-action lawsuit about compromised data. The company, which offers ticketing services for theaters and event venues, will pay out up to $3,000 per customer for identity theft losses, but it will be difficult for people to collect their money, because it is necessary to prove that the information that was used for identity theft came from Vendini. The lesson: don't depend on companies to let you know if your data has been stolen. If you want to protect yourself, it's best to take matters into your own hands.