Staying protected from cybercriminals is something everyone needs to stay on top of now that we’re living in a digital world. New data breaches, malware and phishing scams are popping up constantly.
However, you don’t have to be online for your financial information to be at risk. Swiping your credit or debit card at a retail location can also jeopardize your finances. We’ve just learned of a major credit card breach at one of the country’s oldest retailers.
Has your banking information been stolen?
The latest retailer to be hit with a payment systems breach is Kmart. The company announced this week that its payment data systems had been infected with credit card data stealing malware. It did not give a time-frame for when the malware was in place or how many customers were impacted, so who knows how long this went on.
Kmart posted on its site, “Based on the forensic investigation, NO PERSONAL identifying information – including names, addresses, Social Security numbers, birth dates and email addresses – was obtained by those criminally responsible. However, we believe certain credit card numbers have been compromised.
“All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach occurred, and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited. There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.”
The company also said that once the malware was discovered it was immediately removed. They are urging customers to look at their bank statements and report any charges they do not recognize to their bank.
This is bad news for Kmart customers, even if their Social Security numbers were not stolen. Whenever a data breach like this occurs you should take the following steps.
How you need to respond to a data breach
- Keep an eye on your bank accounts – You should already be frequently checking your bank statements, looking for suspicious activity. It’s even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address – Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password – Whenever you hear news of a data breach, it’s a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts – Here’s an easy way to manage all of your online accounts at once.
- Beware of phishing scams – Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords – Many people use the same username and password on multiple sites. This is a terrible practice and you should never do it. If you’re using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.