Skip to Main Content

A New Wave of Retailer Security Breaches and What it Means to You

Several folks from the 3Rivers team are closely following recent news about potential card data breaches involving Home Depot and Goodwill Industry stores. Because this could involve a large number of cards and impact many 3Rivers members, we wanted to share some facts and offer suggestions for ways to be proactive in securing your money matters with as little inconvenience as possible. As always, we’ll keep monitoring details as they develop and communicate them to you.

Security Breaches | Image source: / Artist: Max Griboedov

What Has Been Reported?

  • Both Home Depot and Goodwill Industries have confirmed they are investigating unusual activity that could be related to potential security breaches.
  • Noted security expert, Brian Krebs, reported on Sept. 2, 2014 that “a massive new batch of stolen credit and debit cards… went on sale… in the cybercrime underground.” He also noted that there are signs the perpetrators of the apparent breach may be the same group of hackers responsible for similar breaches at Target, Sally Beauty and P.F. Chang’s.
  • On Sept. 5, 2014, Krebs reported it is possible that ALL U.S. Home Depot stores are included in the breach and it’s estimated to have “probably started in late April or early May.”

What Does This Mean? How are we Impacted?

This potential breach is shaping up – if confirmed – to be more far more widespread and costly than the Target breach that occurred earlier this year. That’s terrible news. But – in good news – consumers have zero fraud liability on their credit cards. If your card is compromised in a data breach and fraud occurs, those fraudulent charges will be reversed when reported. Keep in mind, though, that more than your card number may be at risk. It may also involve the theft of personally identifying information that can be used for other forms of identity theft.

However, while members are not held liable for fraudulent activity on their accounts, the same is virtually true for the retailers where the breach happened. The funds are most-often returned to your account by the financial institution where you have your account. As a 3Rivers member, that means 3Rivers puts the money back into your account – and therefore absorbs the costs associated with it.

As a member-owned cooperative, this is your business and that’s your money! While we are a not-for-profit entity, we do have to earn revenue to operate and provide competitive services to you. So, you may not feel the immediate hit to your accounts, but 3Rivers has to take action to recover those losses, which could be in the form of lower dividend rates, higher loan rates, less investment in technology, changes in fee structures and a host of other strategies.

How Can I be Proactive in Protecting Myself?

  • Monitor your accounts: Be on the lookout for any unauthorized transactions and report any bogus charges immediately.
  • Set-up and/or change passwords: If you have an online account with the identified retailers, change your passwords and double-check the security on all your devices. Get in the habit of logging out of password protected sessions, set up passwords to access mobile devices and laptops/tablets, etc.
  • Get ahead of the traffic: If you have used a debit or credit card at Home Depot or Goodwill stores during the last several months, keep an extra close eye on your account activity. Consider having a new card issued BEFORE FRAUDULENT ACTIVITY OCCURS. If this breach is confirmed, there will be a huge influx of requests for card reissues across the country. This will produce delays in reissued cards being received and cause a lot of frustration and inconvenience. If we determine a need to close and reissue cards to high risk cardholders (determined by transactional activity during the time window of the compromise), since you’ve already taken this action, you will be less impacted or inconvenienced as a result of those actions.
  • Be extra cautious: If you get any official-looking emails, letters, text messages or phone calls asking for personal information and claiming to be Home Depot, Goodwill, the FBI or your card issuer, it is likely not from that source. Report the incident and take action to protect yourself from further fraud (Note: Here is a resource we’ve developed to help guide you).
  • Check Your Credit Report: Visit, where you can get free copies of your credit report every 12 months from each credit reporting company. Reviewing the information helps ensure the information on all of your credit reports is correct and current. But you don’t need to get a report from all three bureaus at the same time. Set a calendar to pull a different one every four months so you can be sure you’re always on top of things.
Return to the top of the page