Tips When Experiencing a Data Security Breach

Following the recent news about Target’s data security breach regarding their PIN systems, the NationalConsumerLawCenter and Consumer Action want to provide consumers with a few reminders.

1. Your responsibility for fraudulent charges is limited under federal law.

In regards to credit cards, you cannot legally be held responsible for unauthorized credit card charges, except for maybe $50. With that being said, if during the Target security breach someone were to have accessed your credit card information and made excessive charges, you would be limited to a charge between $0 and $50, even if the charges exceeded that amount.

Circumstances with debit cards, however, are much different. If you notify your bank within two days of the unauthorized charge, you are responsible for $50, but if the notification is after two days, you can be charged up to $500 if the charge exceeded that amount. Pay attention to your bank statements because if you wait 60 days or more after the unauthorized charge to notify your bank, then the amount that you may be held responsible for is unlimited. Because the money from the debit card comes directly from your bank account, the bank cannot put that money back into your account until after the fraud charge is reversed. Therefore, if you had used your personal debit card at Target during their data breach and your information had been taken, you would probably be responsible for a greater amount of that charge. Target even offers its own debit card, the Target REDcard, which works just like a check by drawing from your existing checking account, and these cards were also involved in the security breach. Several card companies, including VISA and Mastercard, actually have voluntary “zero liability” policies which will limit your losses to $0 should any unauthorized charges occur, provided that you notify them in a timely manner. If your card company typically charges a fee for replacing the card, ask them if they would be willing to waive the fee.

2. Check your credit report, but don’t panic.

You should already be checking your credit report regularly, but if you aren’t and you were involved in a security breach, it would be a good idea to check it to make sure that you are not the next victim of identity theft. Although it is highly unlikely that theft of a credit card number would lead to the opening of new accounts, you would rather be safe than sorry.

3. Don’t pay for expensive credit monitoring or fraud detection services.

If you have ever been the victim of a data security breach, especially like the one many Target customers just experienced, you may feel the need to pay for additional services to try and protect you. As long as you are checking your bank statements and your credit card statements on a regular basis, then there is no need to pay for these extra services. By visiting you can check your credit report for free once a year, so there is no need to pay for a service where you get monthly updates.

4. The strongest prevention against ID theft after a breach is a security freeze.

Freezing your files is a great way to prevent your credit report from being shared with potential new creditors; therefore, a thief will probably not be able to establish any new credit in your name. In most states you are legally allowed to place a security freeze on your credit report. For more information on this process, visit

If you have been shopping at Target recently, and you are worried that you may be a victim of their security breach with one of their PIN systems, make sure to be checking your bank statements as well as your credit card statements.