Data Breaches: Your Rights and What You Can Do To Protect Yourself

Again we’re hearing of consumers who may be the victims of a data breach because they shopped at certain retailers within a given time frame. Unfortunately this seems to be a commonplace occurrence anymore, and with the holiday season quickly approaching more of us will be running into stores and making purchases online. Below are some common questions and some tips in the event you find yourself a possible victim in one of these unfortunate situations.

I’ve received a letter from a retailer notifying me that there was a data breach and that my bank account information may be at risk. What should I do now?

Acting quickly is your best bet, but keep in mind that just because your information may be at risk, doesn’t mean it HAS been compromised. First monitor all your activity, if any transactions are questionable notify your bank or credit card company immediately. Second, to ensure your protection, contact the bank and request a new card with a new account number. If this was a card that you are normally using to pay a recurring bill, make sure that you make arrangements to pay that bill from another account until the new account is set up. Keep in mind that if an automatic bill payment is established and then the transaction doesn’t go through because the account is closed, you may face late charges and overdraft fees. 

Unfortunately I was one of the people whose credit information was part of the data breach at a local retailer. I have changed account numbers and requested new cards for all my accounts. I also have paid for two separate memberships to protect my financial information. I am not only out the money I have paid for these memberships, I have also been incredibly inconvenienced and I STILL don’t know if something may happen down the line. Can I sue the store where this happened?

Simply put– no you can’t. While it is frustrating, to become a member of a class action lawsuit, you must demonstrate not only that you fall into the particular class (group of people affected by the data breach) but that you also have proof of an actual loss – which means that you HAVE been the victim of identity theft, and you HAVE had accounts hacked into and racked up expenses which you could not control. In this case, while you are at risk, thankfully nothing has happened yet. The decision to enroll in a credit protection service certainly seems wise in this case, but most companies whose data has been breached are providing those at risk with free credit monitoring. Choosing to enroll additionally in two more companies, is an expense which you sought out on your own, and you won’t be able to hold the retailer responsible for that.

In the event that you have suffered actual damages, you should speak with an attorney to discuss filing a legal claim.

These stories seem to be on the news every month or so – how can I protect myself to make sure this doesn’t happen to me?

There are several things you can do:

  1. Check your accounts regularly. You have to be diligent. If anything looks suspicious or is an unauthorized transaction notify the bank immediately and request a new card and account number.
  2. If you do not already have a card with a security chip in it, ask your bank when they will be making the switch. Chip based cards are MUCH more secure.
  3. When using a debit card, use it as a credit rather than a debit which requires your PIN. Credit transactions are much more secure. Most of the problems with security breaches occur when the scammer has not only the account number but the PIN as well.
  4. Beware of any phone call or email which attempts to either verify your information or sell you a credit monitoring program. This is a practice known as “phishing” where scammers pose as a legitimate company to get you to give up personal information such as passwords or PIN numbers. If you are contacted in any way, ignore the contact and YOU go to the retailer or bank’s website to verify information requested or transactions made. Never give any information in a cold call you have just answered or click on any link in an email.

As always, for a referral to an attorney, please contact the Allegheny County Bar Association’s Lawyer Referral Service at (412) 261-5555 or visit