Panic is not the right way to respond to a data breach as it achieves nothing. Instead, you need a game plan when you read about something like the recent Chipotle Mexican Grill, Inc. and Pizza Locale restaurant breaches. What you do first matters the most.
Dig for Details
Step 1 is to nail down the details. Some notifications contain very little data. The company doesn’t explain when or where a breach occurred. American Express and Discover credit cards, for example, notify regulatory agencies without even naming the breached merchant(s). You need the where, when, and how. While that can often dead-end your efforts for a time, the two restaurant chains currently making news have provided ample data to take Step 2—determining your individual exposure.
“I’m supposed to remember where I ate in March?” one Colorado Chipotle fan asked when she learned of the breach. Indeed, it’s no easy task. If you’re fortunate, the company will give a segmented breakdown of the hack.
Chipotle, with over 2,200 locations nationwide, now states that most of its stores were compromised. They know the approximate span of the intrusion—March 24, 2017-April 16, 2017. The company published a store locator at the bottom of their breach notice that discloses the locations involved.
Pizza Locale, an affiliate of Chipotle, suffered a near-identical intrusion from March 27 to April 18. These breaches were first announced in late April, but an in-depth investigation was needed to create the full list of compromised locations.
What Was Accessed?
Your risks and any proactive measures available to you depend on what data has been leaked, so Step 3 is to determine what personal information has been exposed. Again, not all companies offer details of the data accessed but keep trying.
Chipotle stated, “The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS (Point of Sale) device. There is no indication that other customer information was affected.”
Chipotle’s breach impacted just credit and debit cards. We say ‘just’ because this is one of the easiest hacks when it comes to recovery yet it often causes the most consumer panic because money is involved.
It’s not your money at risk, however. Under federal law, consumers won’t be held liable for unauthorized credit card charges. That is the responsibility of the card issuer or the vendor. All you must do is report any fraudulent charges ASAP.
Read Your Statements
For card breaches, Step 4 is one you probably prefer to avoid, but it’s essential to check your monthly bank and credit card statements regularly. In this particular breach, you can find dates of intrusion for your favorite Chipotle or Locale place and compare that to your financial statements.
Did you use a credit card or debit card at one of their restaurants during the hacking timeframe? If so, you need to double your efforts to spot unauthorized charges. If necessary, take Step 5 and request a new card. You can also utilize alerts offered by most banks that notify you whenever your card is used or used above a certain amount.
Debit vs. Credit
The one significant concern for consumers comes if you swiped a debit card at a location that’s been breached. If your PIN is used and captured by malware, a window is created into your full checking account and any attached lines of credit. If your account gets drained, you are still not liable for the losses, but it could take up to two weeks to restore your funds. How would you pay the rent or the mortgage?
With data breaches, credit card users experience less stress since their statements could show fraud before any payment is due.
For a simple credit card compromise, you may not need to take Step 6 which is to put a freeze on your credit files. All the thieves have is one account number. If you see fraud, cancel the card and move on. This credit bureau tool and its cousin, the security freeze, could be smart for significant leaks that compromised the sort of data needed to open other accounts such as your Social Security number.
Understand the risks of your chosen payment method. Debit cards are great for budgeting but carry more risk if used at a store that gets breached.