On the heels of reports that Home Depot experienced a data breach involving its credit/debit care system prompted the Maine’s Department of Professional and Financial Regulation to reissue a press release that it circulated last month following a data breach at the parent company of Shaw’s supermarkets. 

The state’s financial regulation department advises:

Consumers should always thoroughly review credit and debit card statements from the card issuer, and also review all other account statements from their bank or credit union.

If consumers have online access to their credit or debit card information, they should review account activity as soon as possible, rather than waiting for the statement to arrive in the mail.

If a credit or debit card was used at a business that has experienced a data security breach, or there is uncertainty about whether a card was used, consumers should be especially diligent in evaluating charges or withdrawals on their statement.

Since the data breach involving Shaw’s reportedly began in June, consumers should review statements covering June to the present.

If unknown charges or other suspicious activity appear on the account, consumers should notify the financial institution that issued the credit or debit card.

Consumers do NOT need to contact the company that experienced the data breach, such as Shaw’s.

Consumers’ liability for unauthorized use of a CREDIT CARD is limited to $50.  If account numbers have been stolen, consumers have no liability for unauthorized use.  

Consumers noticing unauthorized activity on their DEBIT CARD resulting from a data breach have sixty (60) days from when the bank or credit union sent the statement to report it.  If consumers fail to notify the bank or credit union of unauthorized transactions within this time, they are liable for the amount of the unauthorized transactions.  This 60 day timeframe applies ONLY when the card’s data has been compromised through a data breach, as in the Shaw’s case.  See below for details about when a DEBIT CARD has been lost or stolen.

When a DEBIT CARD has been lost or stolen, consumers have two (2) business days after learning of the loss or theft to notify their financial institution in order to limit their liability to $50.  If they do not notify their bank or credit union about the lost or stolen DEBIT CARD within two (2) business days, consumers may be liable for up to $500 of the unauthorized transactions.  If consumers do not notify their financial institution within sixty (60) days after being provided a monthly statement that lists a fraudulent debit, they can be liable for unauthorized withdrawals of any amount that occur after that 60 day period.

 To be safe, DEBIT CARD holders should act immediately if they notice unauthorized withdrawals.

 If afffected by unauthorized charges or withdrawals, consumers should first call the bank or credit union that issued the credit or debit card, and then follow up in writing to explain the problem.

Some banks and credit unions may issue new cards to customers whose credit or debit card numbers are known to have been compromised through a data breach.

Consumer may ask a financial institution to re-issue a new card if they have concerns about their account.

Again, consumers do NOT need to contact the business that was subject to the data breach; and they need to contact the bank or credit union that issued their credit or debit card ONLY if they notice suspicious activity on their statement.

or more information, contact the Bureau of Financial Institutions toll-free at 1-800-965-5235, or the Bureau of Consumer Credit Protection is 1-800-332-8529.