advertisement

After Jewel, UPS, how do consumers stay safe from data hacks?

Recent data breaches at Jewel-Osco and at UPS stores added more worry on already whipsawed suburban consumers.

Along with those, other hacks have included Target, Michaels, P.F. Chang's China Bistro, Neiman Marcus, Barnes & Noble and Aldi in recent years. Even medical providers aren't immune. Oak Brook-based Advocate Health Systems, with several suburban hospitals, and Vista Medical Center and Vista Medical Center West in the Waukegan also reported data breaches involving patient information, which could involve Social Security numbers.

Fifty percent of Illinois residents and 54 percent in the Chicago region have been a victim of identity theft or know someone who has been affected by the crime, reports Experian ProtectMyID, based on an online survey conducted June 10-12 among 1,051 adults in Illinois. This could be attributed to the many data breaches that have occurred nationwide and the 16 breaches reported in Illinois so far this year, said an Experian spokeswoman.

Such hacking is expected to continue, experts said. So consumers are hunkering down and learning how to protect their finances and their identities. And companies also are looking to new technology to stem the tide of rising hacks, experts said.

One possible answer has been the EMV, or Europay, MasterCard, Visa, card that has a new chip that works with a PIN, or personal identification number, instead of a signature, said Gokhan Inonu, president of Rosemont-based Cardtek USA, which provides such solutions.

He said the chip in new cards has provided more security to consumers in Europe in recent years and has been transitioning in the United States. Consumers likely will have such cards by October 2015.

"When you have someone sign for their merchandise, you really don't know who the real card holder is," said Inonu. "The best way is to ask for a PIN."

He said the future also holds new, more secure networks and devices that will provide better encryption and not be part of an overall operational network for an entire company.

"At Target, the main system was connected to the registers and all the other systems, even the air conditioning," Inonu said. "The hackers got into the AC and then into the main system, then the cash registers and finally the POS (point of sale) terminal, where the data was stored."

Until banks and companies transition to new networks, devices and special security, consumers should keep an eye on their accounts and watch for any unauthorized debits or credits, said Jerry Irvine, chief information officer of Schaumburg-based Prescient Solutions. He's also a member of the National Cyber Security Task Force, a joint effort between the U.S. Chamber of Commerce and U.S. Department of Homeland Security.

"Hackers occasionally make small payments or charges to check to see if the card is valid and usable," Irvine said.

If the bank or retailer states that the card is definitely compromised, or the consumer is sure he or she had used it during the specified time period when a company's data breach occurred, the consumer should cancel the card and get a new one as soon as possible, Irvine said.

While POS systems at retailers might have only the credit card number compromised, database and financial systems breaches might actually allow for leaks of other personally identifiable information, such as user IDs, passwords, Social Security numbers, birth dates and more, Irvine said.

So consumers should routinely change user IDs and passwords across different systems, make sure to use unique IDs and passwords for different systems, and use complex passwords with upper and lowercase letters, numbers and special characters, Irvine advised.

Besides these ways to protect themselves, consumers need to understand the overall situation, Irvine noted.

"Cyber security has become more and more difficult. Banks, retailers and other industry organizations need to be able to openly share cyber security event information without fear of liability or legal constraints in order to help define all the technologies, tools and specific procedures that are being used to attack their environments," Irvine said.

Cyber laws, such as the Cyber Intelligence Sharing and Protection Act, Cyber Information Sharing Act, and National Cybersecurity and Critical Infrastructure Protection Act, are attempts the government has made in order to allow open and collaborative sharing of cyber event information, he said.

"This will go a long way in enabling organizations to learn more about hackers systems and attack processes," Irvine said.

In addition, companies will need to redirect their cyber security initiatives away from legacy detection-based tools, like firewalls, intrusion detection systems and anti-virus, and instead use prevention-based solutions designed to specifically protect data and data storage systems, Irvine said.

Just to reassure you, a data breach doesn't always mean your information was taken or will be used by the hackers.

"There is very rarely a situation where it can be stated that a consumer's card information has actually been stolen. Rather, the bank or retailer simply states that if the consumer had used the card during a specific time period, it is possible that it has been compromised," Irvine said.

Follow Anna Marie Kukec on LinkedIn and Facebook and as AMKukec on Twitter. Write to her at akukec@dailyherald.com.

Schaumburg tech expert: Online attacks could increase in 2014

The Jewel-Osco data breach is one of the latest cases where consumer credit or debit card information or even their medical information has been stolen. Consumers can take steps to protect themselves, while various industries are finding more ways to help. ASSOCIATED PRESS/DAILY HERALD FILE PHOTO
The Jewel-Osco data breach is one of the latest cases where consumer credit or debit card information or even their medical information has been stolen. Consumers can take steps to protect themselves, while various industries are finding more ways to help. ASSOCIATED PRESS/DAILY HERALD FILE PHOTO
The Jewel-Osco data breach is one of the latest cases where consumer credit or debit card information or even their medical information has been stolen. Consumers can take steps to protect themselves, while various industries are finding more ways to help. ASSOCIATED PRESS/DAILY HERALD FILE PHOTO
Jerry Irvine
Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.