What businesses are supposed to do after a security breach

Local News

Data breaches can cause a huge headache, for both companies and consumers. When an Oahu man got an email saying he needed to have his card replaced, he wanted more information to try to keep it from happening again.

John Lopinto reached out to us because no one could tell him where his card was compromised. So we went straight to the state to find out what credit card companies are supposed to tell you.

Lopinto tells us that Barclays, the credit card issuer, informed him there was a data breach at a business where he used his credit card. He wanted to know which one, but customer service couldn’t say. 

“Then I got a very curious response which was well the merchant probably hasn’t made it public yet,” said Lopinto, “then they said maybe the merchant hasn’t secured their database yet and so that even got me more worried. I’m worried that it’s a vendor that I do business with all the time.”

The state Department of Commerce and Consumer Affairs tells us the business is responsible for notifying consumers. 

“The bank may not know which company was involved in the breach. They may have been informed by Visa or Mastercard or by law enforcement authority,” said DCCA Executive Director Stephen Levins.

When a thousand or more Hawaii residents are affected, the business needs to report it to the state. If it’s less than that, the business still needs to contact the individuals. Unless the security breach involves a law enforcement investigation, the notification needs to be done without “unreasonable delay.”

“It could be a few days. It could be a few weeks, but it shouldn’t be weeks or months,” said Levins.

Levins tells us consumers need to be proactive. You could place a fraud alert on your account, do a credit freeze and check your credit report which is different from a credit card statement.

“A credit card report would have every single entry on it relating to any kind of debt you incurred over the years,” he said.

It’s free and it won’t affect your credit score, click here to go to annualcreditreport.com.

Barclay’s sent us this statement:

“Thank you for your inquiry. The notification that was sent was not part of any new widespread data breach. As a result of our ongoing fraud monitoring efforts, we routinely issue new credit cards to cardmembers if we suspect they may have been at risk for potential fraudulent or unauthorized use due to a previous breach outside of our company. Cardmembers are encouraged to call our customer care team, using the telephone number on the back of their card, with specific questions related to their account. Cardmembers are not liable for any purchases made fraudulently with their accounts.”

Copyright 2019 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.