Swiping your credit or debit card at a retail store can be risky. That's because criminals are always looking for companies with lax security so they can rip us off.
When we use these cards to make payments, we expect the retail location to have a secure system. Unfortunately, it's not always the case. We're now learning about a massive data breach that took the impacted company almost a year to discover, putting countless customers' finances in jeopardy.
Has your banking information been compromised?
We're talking about the country's oldest clothing retailer, Brooks Brothers. The company just disclosed that it was the victim of a major data breach that was ongoing from April 4, 2016 until March 1, 2017. A criminal installed malicious software designed to capture payment card information on some of the company's payment processing systems.
Anyone who shopped at Brooks Brothers during that time frame could be impacted. Stolen information consists of payment card data, including name, payment card account number, card expiration date and card verification code.
Here is the notice of the data breach Brooks Brothers sent to its customers:
"Brooks Brothers recently became aware of a security incident that could affect the payment card information of some customers who made purchases at certain Brooks Brothers and Brooks Brothers outlet retail locations in the U.S. and Puerto Rico only between April 4, 2016 and March 1, 2017. It is important to note that no sensitive personal information, such as Social Security number or personally identifying information was affected in this incident.
"As a precaution, we are providing this notice to make potentially affected customers aware of the incident and provide information on steps they can take to help protect themselves. We take the security of our customers' information very seriously and value the trust you place in us to protect your information. We deeply regret any inconvenience or concern this may cause you."
Over 220 locations across the country were affected by the breach. The company has set up a webpage with a searchable database that allows you to check which locations are impacted. To see the list of affected locations, select the State/Territory from the drop-down box and it will show all affected locations in that region.
Brooks Brothers is assuring customers that the data breach has been taken care of and it's now safe to shop there. Transactions on the company's website were not part of the breach.
The company is urging customers to look at their bank statements dating back to April 2016 to check for suspicious activity. If you find any transactions that you don't recognize you should report them to your bank immediately.
What you need to do after a data breach
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try to piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.