At this time last year, consumers were reeling from news that a security breach at Target and its nearly 1,800 stores had compromised data for some 40 million customers who had bought items during the prime shopping days of the holidays.
The thieves made off with names, credit card and debit card numbers, expiration dates, security codes — everything. Given that the breaches occurred as early as mid-November but consumers weren’t notified until January, many were left asking, “What took so long?”
The episode exposed, once again, how vulnerable Americans are to such attacks and how much consumers often are left in the dark about what’s happening with their personal information due, in part, to how slow American banks and credit card companies have been in adapting chip-related security measures that have long been considered routine in Europe, Asia and Latin America.
It also opened for debate the maddening tapestry of policies and laws that exist in the private sector and among state governments concerning how and when consumers are to be alerted when their information has been stolen.
On Monday, President Barack Obama announced his plan to address the problem by strengthening laws against identity theft, requiring notification within 30 days when consumer information is hacked and allowing consumers easier access to their credit reports.
Cybercrime “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said in a speech to the Federal Trade Commission.
These measures, which Obama is expected to discuss in his State of the Union address on Tuesday, would free those in the private sector to share more information on cyberthreats and what they’re doing to combat them. It also would toughen laws against the sale of stolen financial data and would call for stepping up measures to protect student data.
It’s also no secret that card theft is big business. Global losses amounted to a record $11.27 billion in 2012. Of that, debit card fraud made up 54 percent, according to a Nilson Report analysis.
Given other high-profile assaults, including the hacking of Sony accounts last year, cybesecurity was a topic of discussion between Obama and British Prime Minister David Cameron during their White House visit on Friday. They announced efforts to reduce hacking threats by, among other things, creating a joint cybersecurity unit involving intelligence and law enforcement agencies.
As if to underscore the urgency of the issue, hackers who claimed to be working for the Islamic State seized control of Twitter and YouTube accounts for the U.S. Central Command as Obama was speaking to the Federal Trade Commission.
Everybody is vulnerable — and the stakes are high. Maybe even high enough to overcome the political obstacles that exist for any Obama initiative that’s sent to a Republican-controlled Congress these days. Consumers are left to hope the urgency of this issue will force a much-needed breach in those walls.