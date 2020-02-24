THE ISSUE
"Rutter’s says its four Lancaster County locations are among those where some customer payment card data may have been compromised,” LNP | LancasterOnline’s Chad Umble reported Feb. 15. It was determined in mid-January that someone might have deployed malware “to access payment card data from point-of-sale devices at some fuel pumps or inside stores.” York-based Rutter’s said a total of 44 of its locations are suspected to have been breached between about October 2018 and May 2019.
Over the past 15 years, we’ve learned — painfully at times — that our personal data is not safe.
AOL, the U.S. Department of Veterans Affairs, TJ Maxx, the Sony Playstation Network, Adobe Systems, Target, Yahoo, eBay, Home Depot, JP Morgan Chase, Equifax, Uber, Facebook, Marriott International, Wawa. All of these entities have had data breaches involving tens of millions — sometimes hundreds of millions — of records.
Hackers target our most vulnerable and most valuable information: passwords, Social Security numbers, credit card numbers, bank accounts, addresses, medical records and more. They can use that information for identity theft. To drain our bank accounts. Or for other criminal activities.
It’s easy to feel helpless against the overwhelming tide of these data breaches.
But we’re not.
Not completely, anyway.
There are effective tools at our disposal. And common sense can serve us well, too.
First, with specific regard to the Rutter’s incident, here are some additional things to know:
— Rutter’s, which has Lancaster County locations in Leola, Marietta, Mountville and Strasburg, said the malware in some instances might have been able to pick up the cardholder’s name, in addition to card number, expiration date and internal verification code.
— The company has provided an online “locator tool” for customers to see what specific Rutter’s locations and time frames were involved in the potential breach. Go to bit.ly/RuttersSearchTool.
— For customers that Rutter’s can identify as having used their card at specific times and vulnerable locations during the data breach, and for whom it has contact information, Rutter’s will be mailing a letter or sending an email.
— Anyone with questions can call the Rutter’s incident response line at 888-271-9728, weekdays between 9 a.m. and 9 p.m.
So far, Rutter’s has responded well to this unfortunate event.
Be proactive and smart
There are important steps we can take on a regular basis to safeguard our data and money.
Here’s an old-fashioned one that still works: Monitor your bank account.
“Older generations remember the days of manually recording every deposit and withdrawal made from their bank accounts — otherwise known as balancing your checkbook,” Elizabeth Aldrich wrote for The Ascent website last year. “Younger generations might not even know what a checkbook is.”
Having a physical checkbook is no longer necessary. But the philosophy behind it is sound: If we know what we have down to the dollars and cents, we can more easily spot potential fraud. (It’s also a good way to spot hidden fees and charges that we might lose track of.)
“It’s crucial to check your accounts as frequently as possible in order to protect yourself from fraud,” Aldrich notes. “That way you can spot suspicious activity and report it as soon as it happens.”
And there’s this: We should check our credit report once a year — it’s free — through annualcreditreport.com, as authorized by federal law. This can help us pinpoint fraud or identity theft.
And here are some tips from the Federal Trade Commission on keeping our personal information secure:
— “Limit what you carry. When you go out, take only the identification, credit, and debit cards you need. Leave your Social Security card at home.”
— “Before you share information at your workplace, a business, your child’s school, or a doctor’s office, ask why they need it, how they will safeguard it, and the consequences of not sharing.”
— “Shred receipts, credit offers, credit applications, insurance forms, physician statements, checks, bank statements, expired charge cards, and similar documents when you don’t need them any longer.”
We should also be cautious with email. Don’t trust or click on links in unexpected emails. Log into accounts through a browser, not through links in an email. (These tips also go for links in text messages.)
We should protect all of our online accounts with multifactor authentication.
Finally, we should remember to change our passwords regularly. Make them unique and strong. Do not reuse passwords and do not use the same password across multiple platforms.
Data breaches may continue to be inevitable. But there are ways we can protect ourselves from being fully at the mercy of hackers and other bad actors.