6 things you need to know after any retailer data breach

About Clark Howard

Find more answers to your consumer questions, plus Clark Howard’s book “Living Large for the Long Haul,” at ClarkHoward.com.

Clark’s credit freeze guide


It’s the latest in a string of high-profile breaches that has included Target, the Heartbleed breach, eBay and Lifelock, and the Russian hackers getting 1.2 billion usernames and passwords.

And now, in the midst of a severe case of “breach fatigue,” we’re getting word of the Home Depot data breach.

This one is still a moving target (no pun intended!)…but it could be larger than the Target breach that impacted more than 100 million customers late last year. Regardless of how the final numbers shake out, there are some things you need to keep in mind whenever you hear about these increasingly common data breaches.

Expect news of more breaches for the next 2 years

Our nation’s banks were woefully behind the rest of the world when it came to investing in secure chip and PIN technology. We’re the last place on Earth that uses ’60s era magnetic strips on our cards; that’s why all the criminals target us! The banks are only now making the wholesale switch to new safer technology, but that will take at least two more years. That’s just the sad reality.

I think it’s particularly important to know the retailers — whether you’re talking about Target, Home Depot, or anybody else — are not at fault here. The blame lies with the banks.

Watch your statements carefully

If you’re among those hit by the Home Depot breach, you need to go through your credit card and debit card statements this month and next month with a fine-tooth comb. Identify any bogus charges the crooks may have pushed through and dispute them immediately with your bank or credit card company.

Use an abundance of caution

This is a time when you need to beware of anyone calling or emailing you trying to impersonate a breached retailer or your bank. The cons may ask you to click a link or to verbally confirm additional personal information over the phone.

When in doubt, hang up the phone or close out the email. Then call your bank or visit the merchant website to verify the legitimacy of the request.

If you remember one thing, it should be this: Do not click on any links in emails that come related to this or any other breach!

Limit the risks from debit cards by setting up a separate account

The reality is customers who use debit cards are hit hardest by any breach. If you wish to continue using debit in the future, be sure you tie it into a separate account that’s only used for debit transactions. I like to call it your “walking around” money. That way, only that money you transfer to your separate account is at risk in a breach. Not the money you need to pay your mortgage or a car note, or to put food on the table.

Understand the real dangers of debit vs. credit

To understand just how bad debit cards are, you first have to look at the consumer protections afforded to credit cards. In a case like this breach where crooks potentially have your credit card number but not the physical card, normally that means zero dollar liability. In the worst case scenario, your maximum liability would be $50…and some issuers will waive even that.

If you used a debit card though, it’s a whole different story. Debit cards are dangerous to your wallet. They don’t have the normal protections under federal law offered by a credit card.

With a breached debit card, you have only two days after you notice that money is gone from your account…or else your liability rises to $500. And under some circumstances, your liability with a debit card can be unlimited.

You should do a credit freeze right now

You’ll pay zero to $10 per bureau, depending on your state. This will shut a criminal down cold when they try to apply for new lines of credit in your name.

About the Author