If you've been following the sorry saga of identity theft involving T.J. Maxx, Marshalls, and other stores operated by TJX
The computer intrusions and data theft now appear to have started in July 2005 -- about 10 months before the original estimate that the hacking started in May 2006. The identity thieves got ahold of credit card and debit card data, drivers' license numbers, names, and addresses.
TJX, which waited a month after discovering the break-in before informing customers, still cannot say how many people might have been affected. It did say it would inform the affected customers, though it has argued that customers aren't at risk of full-blown identity theft.
Still, it's not exactly comforting to know that some unknown criminal has your credit card number and could be shopping frenetically for collectible ceramic figurines on eBay right now. It also doesn't put a consumer at ease to see that TJX, apparently, is still trying to get a handle on the scope of the problem.
It would be nice if all retailers did the responsible thing -- protected your information, disposed of it when no longer necessary, immediately informed customers of any security breaches, then did their utmost to protect consumers from the criminals.
Until this land of sunshine and rainbows materializes, consumers need to be on the lookout for evidence that their identity, credit card, or debit card information has slipped into the wrong hands.
That means, first and foremost, you should review those statements you get every month from your credit card or your checking account (if you're a debit card user), looking for anything suspicious. This will be the first place that unauthorized activity could appear. If you regularly download your transactions into money management software, or if you check your account frequently online, you'll find out that much faster. The more quickly you can detect suspicious activity, the faster you can act to counter it.
Immediately close any account that has been fraudulently accessed or opened in your good name. Do this through the security departments of your financial institutions, so they know that there's been a breach of your account.
Ask the credit card or bank for forms that will allow you to dispute unauthorized charges, and do so in writing. Do the same for any unauthorized accounts accounts opened in your name.
Contact the three major credit reporting agencies (Equifax, Experian, and TransUnion) and place a fraud alert on your file. You'll then be entitled to free copies of your credit reports so you can check for any unauthorized activity or accounts. It will be easier to detect those if you've been checking on your credit reports regularly and have a good idea about what they're supposed to look like.
The fraud alert will require that any business accessing your credit report will have to verify your identity. This may delay any application for credit, but it's in your best interest. Keep your contact information current to avoid lengthy delays.
Your initial fraud alert will stay on your credit report for at least 90 days. You can do this even if your identity has not been compromised but you suspect you might be vulnerable. You can get an extended alert if it turns out that you have, in fact, been a victim of identity theft.
Make sure, too, to file a complaint with your local police and with the Federal Trade Commission, which looks for patterns in identity theft. Your information can help law enforcement track identity thieves.
Unless you want to convert to buying everything in cash, you'll have limited ability to avoid data hacking problems like the one plaguing TJX. You can do plenty of other things to reduce your exposure to identity theft, from shredding your documents to canceling old credit cards. Find more ways to safeguard your good name here.
- Win the War Against Identity Theft
- It's Hunting Season for Identity Thieves
- ID Theft: When Will It End?