Pando

Billguard was the first to notify many affected consumers of the USPS security breach

By Michael Carney, written on November 11, 2014

From The News Desk

Less than a week ago I was singing the praises of Billguard as a crucial line of defense for consumers concerned with payment fraud in today’s climate of prolific corporate hacking. Right on cue today I received an email from the company backing up that very assertion.

As you may have read yesterday, the United States Postal Service (USPS) was recently the victim of a cybersecurity breach – they were hacked, maybe by China – resulting in the exposure of personal information of the government agency’s 800,000 employees and an unknown number of consumers.

Sadly, revelations of major corporate hacks have become commonplace, and most consumers (myself included) simply brush them off without much of a second thought. This was the case for me when I read headlines of the USPS attack. It’s potentially notable from a nation-state-level espionage perspective, but being that I’m not an employee of the USPS and I have little day-to-day interaction with what I view as a dying organization, I had no reason to believe this particular incident affected me directly.

So, about that email.

I awoke this morning to an email from Billguard alerting me that I had, in fact, used a credit card at a USPS branch during the period affected by the breach. This was news to me. It turns out that I was on vacation a few months ago and had to send a package home. I had completely forgotten about this. Fortunately, while it will likely take months for the USPS – or any other merchant in a similar scenario – to contact affected consumers, Billguard had an email in my inbox within 24 hours of the breach announcement.

Billguard sent the same email to a total of 113,240 affected users who had payment card charges from the USPS during the period in question, according to VP of Marketing, Mick Weinstein. It turns out that the nature of this particular breach means it likely only affected consumers who had contacted USPS customer service during the period in question – I didn’t – and is unlikely to have compromised payment details around non-customer service transactions. But without knowing which of its users were affected, Billguard proceeded to notify all of its users who had made payments.

“We don't know how many of [these 113k users may be affected], but we thought it was important for everyone to get a heads up, since it's usually weeks or months before the merchant gets around to contacting affected customers – if they do at all,” Weinstein said by email. “BillGuard is almost always the first to contact customers of a breached retailer, in time for them to take the most important action they can take right away: checking their accounts carefully for anything they don't recognize.”

This is not the first time that Billguard has served as the first notification to many consumers that their payment credentials may have been breached. The company keeps a running list of prior breaches, the number of affected users notified, and customer testimonials speaking to their first line of defense status. These incidents include the recent Staples breach (45,173 Billguard users), K-Mart (14,665 users), JP Morgan Chase (108,243 users), Home Depot (97,582 users), Dairy Queen (38,883 users), UPS (21,894 users), and Albertsons (17,259 users).

So if you aren’t sufficiently scared straight from ever trusting a merchant with your credit card information again, hopefully you’re at least reminded that being vigilant about your account activity is essential. As Billguard demonstrated today, its toolset and service are among the best options available for this purpose. As an aside, the above stats are as good an endorsement of Apple Pay or Bitcoin, and against CurrentC, as any.

One of the most persistent myths keeping consumers vulnerable is the belief that banks catch the majority of payment fraud. The reality is that they miss more than half of known fraud (and by default, 100 percent of unknown fraud) according to Billguard.

“The only thing you can do is be super vigilant and use tools that help,” Weinstein says.

Read the full Billguard data breach email notification below:

We’re reaching out to notify you that a large data breach has taken place at the U.S. Postal Service (USPS) during a period when you made at least one transaction at a USPS online store or at a post office.

The data breach apparently did not affect payment card info, but if you contacted USPS's customer support before or after your transaction(s), your personal information may have been exposed.

The USPS disclosed yesterday that hackers gained access to its IT systems from the beginning of this year to mid-August. The data breach exposed particularly sensitive information on USPS employees, and the hackers also gained access to names, addresses, phone numbers and emails for 2.9 million USPS customers who contacted its customer support centers by email or phone.

Read more about the USPS data breach on CNN or our blog.

What to do now?

  1. Don't panic - usually, most consumers are not hurt by a data breach.
  2. Be on the lookout for fake emails, letters and phone calls asking for personal information. This is often used by crooks to supplement the information from a data theft, to perpetrate identity theft.
  3. Review your credit and/or debit card transactions closely in BillGuard: Click here
If you see a suspicious charge, flag it in BillGuard to contact the merchant and help BillGuard better protect you and others.

If you suspect your card has been used fraudulently, contact your card issuer (typically your bank) immediately. The contact number appears on the back of the card.