• Health
• Money
• Leisure
• Make a Difference
• Family
• Online Community
• Membership

Trouble Afoot: The DSW Security Breach

By: Sid Kirchheimer; Source: AARP Bulletin Date Posted: 2005-06-03 07:47:00-04:00

• Comment
• Email
• Print
• Bookmark

If you are a recent customer of DSW (Designer Shoe Warehouse) who paid with a check, credit card or debit card, your financial data is probably now in the hands of identity thieves.

The company says a computer hacker stole from its database information on 1.4 million credit and debit cards and 96,000 checking accounts, used to make purchases at 108 stores between mid-November 2004 and mid-February 2005, or anytime in the last two years at its Dadeland Mall store in Miami. A list of the affected stores is on the company's website.

Since the theft was confirmed on March 8 (details on its extent weren’t released until April 18), DSW says it has been trying to notify affected customers. Letters have recently begun to reach nearly 90 percent of those paying with checks, and about half of those who used credit or debit cards.

“The problem that has delayed the process is that DSW doesn’t have addresses for the vast majority of people who shop there,” says DSW spokesman Rob Whitehouse. “We immediately began to notify banks and credit card companies.”

So what should you do—whether or not you received a letter from DSW?

If you paid with a check:

• Ask your bank about closing the account, which will likely be advised. Although the DSW letter says that the names, addresses and Social Security numbers of its check-paying customers were not in the stolen information, what was hacked was the vital numerical sequence on the lower left side of checks — the Magnetic Ink Character Recognition (MICR) number that includes bank account and routing numbers.
  
  With this information alone, thieves can make online purchases or otherwise withdraw from your checking account, say bank fraud officials. Your bank can easily transfer your balance into an account with a different numerical sequence that cannot be accessed by these thieves, although you will need to order new checks.
• Call your state department of motor vehicles to ensure that a duplicate driver’s license hasn’t been issued in your name; also inquire about putting a fraud alert on your license to prevent such duplicates. Driver’s license numbers, written on checks, were among the stolen information.

If you paid by credit or debit card:

• Consider freezing that account. With one phone call to your credit card company or bank, you will be issued new plastic with a different account number. DSW has notified American Express, Discover, Visa and MasterCard about the data theft, but cannot guarantee that the information reaches all customer service representatives.
  
  Although customers are liable for only $50 in fraudulent credit card charges, debit card fraud can be riskier. Not only can the thief drain your bank account (taking the bank up to 14 business days to refund your money), but unless you notify the bank within two business days of debit card theft, your liability can be as high as $500.

For everyone:

• Put an “ identity theft security alert ” on your consumer report at Chex Systems, a credit reporting company that collects information on bank accounts. Call 888-478-6536 or go online. This initial alert is good for 90 days. An extended alert, good for five years, must be requested by mail and requires a notarized affidavit. To determine if new bank accounts have been opened in your name, request a free copy of your Chex Systems consumer report by calling 800-428-9623.
• Put a " fraud alert " on your credit file by contacting any of the three major credit reporting companies. Experian (888-397-3742) lets you request a fraud alert either online or by phone. Equifax (800-525-6285) and TransUnion (800-680-7289) require that you call. Whenever one of these firms receives a fraud alert, it notifies the other two. Within 24 hours, a fraud alert will be put on your credit report at all three companies. Once the alert is placed, you may order a free copy of your credit report from all three. This initial alert is good for 90 days. An extended alert, good for seven years, must be requested by mail.

At this point, says Whitehouse, DSW has no plans to compensate its customers for personal expenses, such as ordering new checks, incurred as a result of this security breach. “We feel that many charges will be reimbursed through banks or credit card companies,” he tells AARP Bulletin.

Additional Related Links

Stealing Your Life

One Identity Theft Victim's 'Living Hell' (February 2004)

Tips for Avoiding Identity Theft (February 2004)

Identity Thieves Target Mailboxes (February 2005)

AARP.org's Consumer Information Channel

Message Board: Share Your Experience with Identity Theft

Related Articles

• Cyberthieves Want Your Identity
• Warranty Card Worries
• Workout for Your Wallet?
• Oh No! Is That Rust?