October 22, 2013 – By Nick Diulio
When it comes to security breaches and identity theft, no industry appears to be immune—not even self-storage.
In early September, self-storage company Public Storage Inc. experienced a technical glitch that allowed one of its tenants to view the leasing information of 745 Public Storage tenants while accessing his lease documents online. That information included names, addresses and driver’s license numbers.
“Although we believe that this customer did not make any use of your information, because the information left our office environment in violation of our policies and procedures, we are providing you this notice out of an excess of caution,” Public Storage’s chief information officer, Brent Peterson, wrote in a letter to customers. “We regret any inconvenience caused by this incident.”
According to the letter, Public Storage quickly reviewed the breach and corrected the problem. It also secured its leasing data and assured its customers that the company is diligently monitoring its data storage processes to make sure something like this never happens again.
“Our personal data is out there in so many different places that security breaches like this are just bound to happen.”
Rick Allen
Information systems security professional for PayPros
But this episode raises some critical questions about the security of important personal data. For instance, just how common are breaches like this one? More importantly, what can self-storage customers do to protect themselves from their data being compromised?
“Frankly, I’m really not surprised that something like this happened,” said Rick Allen, an information systems security professional for PayPros, a provider of digital payment technology for many industries, including self-storage. “Our personal data is out there in so many different places that security breaches like this are just bound to happen.”
If you are—or plan to become—a self-storage tenant, here are a few things to consider before surrendering your personal data.
Breaches Everywhere
Not to cause too much paranoia, but chances are pretty good that your personal information (Social Security number, address, phone number and even credit card numbers) are at risk for being compromised or stolen.
“I always tell people that if you haven’t had your identity stolen already, you will,” said Mike Sullivan, director of education for Take Charge America, a nonprofit credit counseling firm. “There are just so many outlets and so many ways it can happen.”
The numbers certainly seem to back this up. According to the 2013 Verizon Data Breach Investigations Report, 621 data breaches were confirmed last year around the world. The breaches involved government agencies, large consumer brands, Internet startups and even big-name financial institutions.
What’s more, most companies (and consumers) don’t even know personal data has been compromised until it’s too late. According to a 2013 report by data security firm Trustwave, it took an average of 210 days from the time of the initial breach for companies to discover they’d been attacked. That’s 35 days longer than it took them to detect breaches in 2011.
While the situation may look grim, self-storage consumers can take these five steps to help protect their personal information from security breaches.
1. Ask the Right Questions.
When the time comes to rent a storage unit, the facility manager most likely will ask for a lot of personal information, including your address, credit card number and maybe even your Social Security number. According to Draz, every consumer should be prepared to ask three important questions about this information:
- Why do you need it?
- How will it be used?
- How are you going to store and secure it?
“Too often, we just blindly trust people asking for the info they need without ever stopping to ask them why they need it,” said Dan Draz, principal at Fraud Solutions, a Chicago-based fraud consulting firm. “Your personal information is a commodity, and you need to treat it as carefully as any other valuable possession.”
For instance, Peter Maginnis, owner of Harrisburg Self Storage in North Carolina, said all of the information he collects from customers—including credit card numbers—is encrypted. This means that even if someone were to hack into his computer network, the hacker would have a hard time deciphering it.
“Security breaches are a real concern for customers, especially when it comes to their credit card information,” Maginnis said. “That’s why we take these precautions. We want to keep our customers’ information just as safe as the stuff we store in our units, so we take every precaution possible.”
2. Get a Copy of the Privacy Policy.
To get a thorough understanding of how a facility plans to store your personal information, tenants should ask for a copy of the company’s privacy policy, said Katie Ross, education and development manager for American Consumer Credit Counseling.
“Every company is going to have one, especially when they are recording so much personal information,” Ross said. “It is going to detail how your information is being used, how long it will be kept on file and what the company does with your information once they no longer need it.”
Maginnis advised customers to do their homework when researching self-storage facilities.
“Make sure it’s a reputable place and that they have all the amenities to allow customers to do business online while also keeping their personal information secure once they hand it over,” Maginnis said.
3. Never Use a Debit Card.
As a general rule of thumb, experts suggest that consumers avoid using a debit card for any recurring financial transaction, such an automatic withdraw of monthly rental fees.
“You should always use a credit card rather than a debit card in situations like this,” said credit expert Scott Bilker, author of “Talk Your Way Out of Credit Card Debt” and creator of DebtSmart.com. “For one thing, if someone gets a hold of your debit card number, that person now has access to your entire bank account. Also, it’s generally easier to put a hold on your credit card if information is stolen or breached.”
4. Never Give Out Your Social Security Number.
According to Charles Burckmyer, president of information security firm Sage Data Security, Social Security numbers are probably the most readily available piece of personal information for would-be identity thieves.
“You could go online right now and buy someone’s Social Security number for anywhere between 30 cents to a couple of bucks,” Burckmyer said. “You need to make sure yours isn’t just floating around.”
One way to do that, Bilker said, is to provide your Social Security number only when absolutely necessary.
“Unless you’re taking out a loan, dealing with a government agency, or dealing with someone writing you a paycheck or sending you tax forms for employment, there’s absolutely no reason they should need your Social Security number,” Bilker said. “If they demand it, I’d either take your business elsewhere or make one up.”
5. Make Data Less Valuable to Criminals.
To accomplish this, identity theft expert Robert Siciliano suggests doing two things.
The first is signing up for identity theft protection, which usually costs about $10 a month and provides consumers with timely alerts anytime personal data is used without your permission.
Secondly, Siciliano said, consumers should “freeze” their credit by calling all three credit reporting bureaus and asking them to put a lock on your credit reports. This makes it impossible to issue new credit to you (as well as any thieves who happen to steal your personal information). It costs about $5 per credit agency and easily can be “unfrozen” whenever you want.
“With identity theft protection and a credit freeze, you are retaining control of your personal information and making it useless to a thief,” Siciliano said. “It’s like losing the keys to your house and then changing all the locks. Sure, some thief out there may have your keys, but since you changed the locks, those keys no longer have any value to him.”
