WV Attorney General Morrisey urges caution when using online retail services and offers tips to protect personal information.

 
CVS, Costco, Sam’s Club, Rite Aid and Walmart Canada have all temporarily taken down their online photo printing websites in the wake of a suspected data breach at PNI Digital Media, a third-party vendor that manages and/or hosts their photo services sites. The companies were made aware that customer credit card information collected through online photo purchases may have been compromised. As a precaution, they have temporarily shut down access to online and related mobile photo services.
 
“Corporate data breaches are becoming far too common, but these entities are no less susceptible to scammers than anyone else,” Attorney General Morrisey said. “Hackers are becoming more resourceful and smarter in ways to crack even the most secure of networks. That’s why we urge consumers to always be extremely cautious when providing personally identifiable information, especially online.”
 
It is important for consumers to know that from all reports the photo printing websites for these stores are independent from the companies’ main websites. The data breach of the online photo printing site does not reflect a company-wide breach, and financial transactions made on the companies’ main sites have not been affected.
 
“In today’s digital age, many consumers turn to the Internet for retail services that once required walking into a store,” Attorney General Morrisey said. “However, this convenience has proved to come with some drawbacks, like cyber theft.”
 
Attorney General Morrisey offers consumers the following tips on how they can avoid credit card cyber theft and what to do if they find themselves a victim of an online data breach:

• When making purchases online, use a credit card, not debit card, when possible. A credit card is not directly linked to your bank account.
• If you’re shopping online, make sure the URL starts with “https://” – the “S” tells you the site is secure.
• Set up fraud alerts so that your credit card company or bank will notify you of fraudulent activity on your account. Also, contact one of the three credit reporting agencies and have them place a fraud alert on your account.
• Keep a close eye on your credit card account, bank statement and credit report. The earlier you catch suspicious activity, the easier it will be to clean up.
• You may choose to cancel your cards immediately. Credit card companies will reissue a new card with a new number and banks will issue a new debit card with a new PIN.
• If you notice fraudulent activity on your accounts, report it immediately.

If you are a victim of credit card fraud, it is important to know that you have certain rights. If a credit card was used and the number, not the card, was stolen, you are not liable for any unauthorized purchases under the Fair Credit Billing Act. If a debit card was used and the card was not lost, you are not liable for any unauthorized transactions if you report them within 60 days of receiving your statement.
 
If you believe you have been a victim of credit or debit card fraud or identity theft, contact local law enforcement and the Attorney General Office’s Consumer Protection Division at 800-368-8808, as well as the Federal Trade Commission at 1-877-438-4338 or www.ftc.gov/idtheft.