You're not just imagining it: Lately, a new data breach has been reported almost every week. Here's how to find out if your information has been exposed.
By mid-October, the Identity Theft Resource Center had already identified more data breaches this year than it had in all of 2013. In other words, it’s more likely than not that some of your personal information has been compromised. “There are two kinds of consumers — there are those who know they’ve been breached, and those who don’t,” says ITRC president and CEO Eva Velasquez.
Many Americans are in the first camp. According to a new Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.
It’s hard to say whether there has really been an increase in the number of data breaches, or we’ve just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.
“Thieves are going to go where it’s easiest to steal,” Velasquez says. “We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove.”
At MONEY, we’re tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you’ve been affected. If so, we’ll walk you through what you need to know about protecting yourself from identity theft.
- MCX
- Staples (under investigation)
- Kmart
- Dairy Queen
- SuperValu
- Viator.com
- Jimmy John’s
- Home Depot
- Community Health Systems / Tennova
- P.F. Chang’s
- JP Morgan
-
MCX
What kind of data was exposed? Email addresses
When was the data exposed? Late October
Who was affected? CurrentC pilot program participants
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Staples
The alleged Staples data breach, first reported by Brian Krebs, is still under investigation.
What kind of data was exposed? Customer payment card numbers (allegedly)
When was the data exposed? Unknown
Who was affected? Staples customers in the Northeast (allegedly)
How many people were affected? UnknownGet the full story.
The company is still investigating.
If your data could have been exposed, here’s what you should do. -
Kmart
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Early September to early October 2014
Who was affected? Kmart customers
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Dairy Queen
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Aug. 1, 2014 to Sept. 10, 2014
Who was affected? Dairy Queen customers at 395 locations
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Supervalu
What kind of data was exposed? Customer payment card numbers
When was the data exposed? June 22, 2014 to July 17, 2014; again late August to September 2014
Who was affected? Shoppers at Shop ‘n Save, Shoppers Food & Pharmacy, Cub Foods, Albertson’s, Acme, Jewel-Osco, Shaw’s, Star Market and associated liquor stores
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Viator.com
What kind of data was exposed? Customer payment card numbers, email addresses and passwords
When was the data exposed? Sept. 2, 2014
Who was affected? Customers on the travel site Viator
How many people were affected? 1.4 millionGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do about your card numbers, your email address, and your password. -
Jimmy John’s
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Between June 16, 2014 and Sept. 5, 2014
Who was affected? Jimmy John’s customers at 216 locations
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Home Depot
What kind of data was exposed? Customer payment card numbers
When was the data exposed? April 2014 to September 2014
Who was affected? Home Depot customers
How many people were affected? 56 millionGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
Community Health Systems / Tennova
What kind of data was exposed? Patient names, addresses, birth dates, telephone numbers and Social Security numbers
When was the data exposed? April and June 2014
Who was affected? Patients at Community Health affiliates
How many people were affected? 4.5 millionGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do about your social security number and your address. -
P.F. Chang’s
What kind of data was exposed? Customer payment card numbers
When was the data exposed? Sept. 19, 2013 to June 11, 2014
Who was affected? P.F. Chang’s customers at 33 locations
How many people were affected? UnknownGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
JP Morgan
What kind of data was exposed? Names, phone numbers, addresses and email addresses
When was the data exposed? June 2014 to July 2014
Who was affected? JP Morgan account holders
How many people were affected? 76 millionGet the full story.
Here’s what the company had to say.
If your data could have been exposed, here’s what you should do. -
If your email address has been stolen…
Watch your inbox for messages requesting information or requesting you to click on a link. If you receive a suspicious email from a company you do business with, call the sender to verify that they did indeed send it.
More:
-
If your password has been stolen…
Change your password for that account immediately. If you use the same code for other accounts, change those as well.
More:
-
If your credit or debit card number has been stolen…
For credit cards: Call the creditor and ask for a new card with a new number. Some creditors will automatically reissue cards to affected customers in wide-scale breaches. Know however that because the number rather than the card itself was stolen, you are not liable for any authorized purchases under the Fair Credit Billing Act.
For debit cards: Since the card was not lost, you are not liable for any unauthorized transactions if you report them within 60 days of receiving your statement. Still, you should cancel the card and change your pin. If the bank account number was also exposed, close the account and open a new one with a new number. Consider asking for a verbal password, too, which prevents bank personnel from discussing your account with anyone unable to provide that password.
More:
-
If your social security number has been stolen…
Contact one of the three major credit reporting agencies and have them place a fraud alert on your account. That agency will then be legally bound to notify the other two agencies to do the same. An alert lets lenders know to take extra care verifying personal information before issuing credit and entitles you to a complimentary credit report from each agency. Review this for suspicious activity. You should also place a credit freeze on your account, which will prevent a credit reporting company from releasing your credit report or score without your consent.
Sometimes the letters from breached companies also contain offers for free credit report monitoring provided by the company. While these programs are not generally worth paying for—since you can monitor your own credit for free—you may as well accept it if it’s being handed out. Monitoring services will alert you to some uses of your SSN quicker than you may be able to spot through your credit report, meaning you can resolve any problems quicker.
More: