Some 151,000 Mainers learned last year that snippets of their personal data — Social Security numbers, email addresses, drivers’ license numbers — had been stolen or inadvertently released.
Here are some steps experts suggest for protecting yourself from a data breach:
* Go old-fashioned: Use cash when possible.
* Don’t respond to unsolicited emails or calls asking for personal information.
* Tell your bank/credit union/credit card company when you’re traveling so they don’t flag out-of-town activity as suspicious.
* Alert your bank/credit union/credit card company immediately if you notice strange activity.
Liability for unauthorized use of a credit card is limited to $50, according to the Maine Department of Professional and Financial Regulation. If you report a loss to the card issuer before the card is used, the issuer can’t hold you responsible for any unauthorized charges. If you haven’t lost the card, but rather the account numbers were stolen, you have no liability for unauthorized use. Many cardholder agreements say consumers are not responsible for any charges under any of these circumstances.
Debit card users noticing unauthorized activity resulting from a possible data breach have 60 days to report it from the time the bank or credit union sent their statement. Otherwise they are liable for the amount of the unauthorized transactions.
If the debit card is lost or stolen, you have two business days to notify your financial institution, which will limit your liability to $50. If you don’t, you could be liable for up to $500 of the unauthorized transactions. And if you don’t notify your financial institution within 60 days of getting a monthly statement that lists a fraudulent debit, you can be liable for all unauthorized withdrawals occurring after that 60-day period.
* Don’t use Internet Explorer and open email in Microsoft Outlook at the same time; the programs communicate with each other through the Windows operating system to make everything easier, including unauthorized downloads, according to Ed Sihler at USM’s new Maine Cyber Security Cluster.
If you’re on a Windows machine, consider using Chrome or Safari instead.
“They don’t use that piece of the internal operating system,” said Sihler. “If you’re on Windows, install Safari, and that’s all you use when you go onto online banking sites and the like. If you want to take it a step farther, you only use it in private browsing or secure browsing mode. That means nothing is really cached locally.”
For small businesses:
* Keep operating system patches and anti-virus software up to date.
* Designate one office computer as solely used for processing credit cards and one solely used for online banking. Both can be inexpensive computers.
“For the online banking one, you should run either Linux or Mac (operating systems),” said Sihler. “Because Windows is frequently used in small businesses, the thieving software is targeted at Windows.”
* Keep a daily eye on your assets.
“Whereas consumers are protected as long as you tell the credit card company reasonably quickly about the theft, the assumption is that as a business, you know what you’re doing so there is no protection,” Sihler said. “Business needs to watch those accounts even more closely.”
* When in doubt, reach out.
The Maine Cyber Security Cluster hopes to become a matchmaker for local companies who need help and local data security companies that can provide it.
“If we can throw in student labor so, a) we train the students, and, b) it costs a little less, that’s great,” he said.
Source: Maine Attorney General’s Office, Maine Bankers Association, Maine League of Credit Unions, Maine Department of Professional and Financial Regulation, Maine Cyber Security Cluster
This story was updated with the correct spelling of Ed Sihler’s last name at 9:27 a.m. Thursday, Feb. 27.