AG Offers Consumer Tips Following Home Depot Data Breach, Announces Multistate Investigation
BOSTON – Following reports of a data breach at Home Depot that is estimated to have put approximately 56 million credit and debit card numbers at risk nationwide, Attorney General Martha Coakley offers consumers information on how to protect their information against identity theft.
The AG’s Office is also in contact with Home Depot to review the circumstances of the breach and the steps the company is taking to address it. The AG’s Office is working with Attorneys General across the country to determine whether Home Depot had proper safeguards in place to protect consumer information.
“This significant data breach has put the personal information of Massachusetts consumers at risk,” AG Coakley. “We are working with Attorneys General across the country to investigate the cause of this data breach, whether Home Depot had sufficient safeguards in place, and to ensure that Home Depot is taking appropriate steps to protect its customers. This latest breach is another example of why consumers should routinely review their credit card statements and credit reports for evidence of unauthorized activity.”
According to Home Depot, credit and debit card information for approximately 56 million consumers may have been compromised between April and September 2014. Home Depot has indicated that PIN numbers for debit cards are not at risk, and that the breach involves credit card and debit card information for purchases at its retail stores only. Purchases made through www.homedepot.com were not affected, according to the company.
For people who shopped at Home Depot’s retail stores between April and September 2014, the AG’s Office offers the following information on how to protect against potential identity theft:
1. Immediately review and monitor your credit and debit card information. If you shopped at a Home Depot using your credit or debit card between April and September, carefully review your credit card or other financial accounts for the next 12 to 24 months for any unauthorized activity. If you notice any irregular activity or charges, report them to the issuer of your credit card or your bank immediately.
2. Order a copy of your credit report, and look carefully for unauthorized activity. You are entitled to one free credit report per year from each credit reporting bureau.
3. Call one of the three major credit bureaus and place a one-call fraud alert on your credit report:
- Equifax: Call (800) 525-6285, and write: P.O. Box 740241, Atlanta, GA 30374-0241.
- Experian: Call (888) 397-3742, and write: P.O. Box 9532, Allen, TX 75013.
- TransUnion: Call (800) 680-7289, and write: Fraud Victim Assistance Division, P.O. Box 6790 Fullerton, CA 92834-6790.
You only need to call one of the three credit bureaus; the one you contact is required by law to contact the other two credit bureaus. This one-call fraud alert will remain in your credit file for at least 90 days. The fraud alert requires creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. When you place a fraud alert on your credit report, all three credit bureaus are required to send you a credit report free of charge.
4. If there is unexplained activity on your credit report, you may want to place an extended fraud alert on your credit report. If after reviewing your credit report you believe there is unexplained activity, you may want to place an extended fraud alert on your credit report. In order to do this, you need to file a police report with your local police department, keep a copy for yourself, and provide a copy to one of the three major credit bureaus. Then an extended fraud alert can be placed on your credit file for a 7-year period. This will mean that any time a user of your credit report (for instance, a credit card company or lender) checks your credit report, it will be notified that you do not authorize any new credit cards, any increase in credit limits, the issuance of a new card on an existing account, or other increases in credit, unless the user takes extra precautions to ensure that it is giving the additional credit to you and not to an identity thief.
5. Contact the fraud departments of your credit card issuers or bank. You may want to contact the fraud department of the credit card company or bank that you used when you made purchases at Home Depot stores. These financial institutions can monitor your account for suspicious activity. You may also wish to request a new account number; you can discuss this option with your credit card company or bank.
6. If you are a victim of fraud or identity theft. There are many steps you will need to take to protect your identity. Please see Attorney General Martha Coakley’s Guide on Identity Theft for Victims and Consumers, at http://www.mass.gov/ago/docs/consumer/id-theft-guide.pdf for important steps you should take to protect yourself. You can also view the Federal Trade Commission's identity theft resource, available at www.consumer.gov/idtheft/
Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store from April 2014 onward, and has posted information about these services can visit Home Depot’s website (www.homedepot.com) or by calling 1-800-HOMEDEPOT (800-466-3337).
It is important to note that credit monitoring may not monitor your existing credit card or bank account activity. Thus, consumers should continue to monitor their existing credit card and bank account statements for unauthorized activity, even if they also obtain credit monitoring services.
In December 2013, Target Corporation announced a data breach that affected the credit and debit card information for approximately 40 million people across the country, including approximately 947,000 Massachusetts residents. The data was compromised between Nov. 27, 2013 and Dec. 15, 2013. Immediately after that announcement, AG Coakley provided consumer tips for those affected by the breach. The next month, AG Coakley joined a multistate committee to investigate in response to another announcement that the email information for approximately 70 million people could be affected by Target’s data breach.
In the wake of another major data breach in January 2007 at TJX Companies, Inc, the AG’s Office led a coalition of Attorneys General that conducted an extensive investigation into TJX's data security policies and procedures in place when the breach occurred. In July 2009, TJX agreed to pay a total of $9.75 million and implement a comprehensive information security program, designed to safeguard consumer data. Massachusetts received more than $950,000 to aid efforts to protect consumers' personally-identifiable information.
For additional information, consumers may contact the Attorney General's consumer hotline at (617) 727-8400.