Should I seek legal counsel for breach of my information
April 20, 2018 11:49 PM   Subscribe

Last night I became aware that 3 charges were attempted on my accounts and Dominos from different locations in the united states. 2 charges went through on the account I keep money in, one charge was declined on the account that I have as backup. Should I get a lawyer involved? Should I inform my employer?

I have two bank accounts, both with a different assigned debit card. Within 4 minutes of each other, 3 separate charges came from Dominos, in Texas and California (I'm in Virginia). One charge was declined because the card used didn't have any money in the account. Because the order didn't process, I don't really have any information on where the 3rd originated. I'll be calling my bank to see if they know.

I had my debit cards in possession. It appears that they somehow gained access to my Dominos customer profile. On there, I have both debit cards saved. What troubles me, and makes me think it's domino's fault, and not these people individually, is that they are not related in any way. I received 2 emails for the completed Dominos orders. Each one has the name, phone number, and address of the person who placed the order. I've found one of them on facebook, and he doesn't have any friends with the other person's name, or any friends in Texas. I also know they had access to my Dominos customer profile for sure, because my preferred store was changed to the one in California, which was the most recent charge. (I think this is a tick box that's automatically checked when adding a new address)

I don't have a personal computer. I use my phone, and only use my work computer (no library, public computers, etc). All internet activity is monitored/keylogged at work. This would be the only other way that someone could have accessed my Dominos account, if someone at my job (a major healthcare corporation) had taken my information.

Should I inform my employer? The people in my small office?
Should I get a lawyer? If this was a breach of information or, I don't know, Dominos system failed and accidentally used my profile instead of the orderer's, I feel like I should be entitled to compensation. If it was an employee in IT that took my information from my computer, I feel like I should sue them. Is that right? This whole thing is a mess and has caused a lot of financial trouble for me (this was about $100 when I live paycheck to paycheck) and I'm frustrated but also scared.

Side not: Yes i've called my bank, cancelled my cards, am going to set up fraud report, etc.
posted by anonymous to Law & Government (8 answers total) 1 user marked this as a favorite
I understand feeling scared, but as far as financial compensation goes, I'd be very surprised if either bank will do more than restore the lost funds. If you can prove Dominos or your employer's IT department had negligent security practices, then you could potentially sue them I suppose, but you'd have to spend a lot of money to do that, and I guarantee you it'll be more expensive than your lost $100 (which the bank will be obligated to return anyway). It sucks that such fraud is seen as part of doing business, and it doubly-sucks because of all of the pain you have to deal with to get it fixed, but that's kind of where our financial system is at as far as it goes.

If at all possible, I'd highly recommend having and using a credit card that you pay off within the grace period for any online purchases, as the credit card won't be able to "reach" the funds in your bank account until you pay it off, and the bank is obligated to simply waive any fraudulent purchases.

Also, change the password on your Domino's account, just to be on the safe side.
posted by Aleyn at 12:28 AM on April 21, 2018 [4 favorites]

The short answer is that a lawyer is a waste of your time and/or money.

The longer answer is that unless there's a Domino's breach that I'm not aware of (I'm assuming you're in the US), that either your password was guessable or was reused from a different site that was breached and they went through different services trying it until they found someplace it worked. You're probably not going to find out exactly what happened. It sucks, but the truth of the matter is that dozens of dollars of fraud across state lines isn't enough to get most law enforcement interested.

Unless something else fraudulent happens, check your password hygiene and move on with life. It's possible that someone at work accessed your information, but fairly unlikely. Unless you can white a pattern, you're not likely to get too much traction for an investigation, especially if you're in a small office.
posted by Candleman at 12:33 AM on April 21, 2018 [3 favorites]

if someone at my job (a major healthcare corporation) had taken my information.

I think if someone was keylogging, etc. at your work, they'd probably go after much bigger fish vs. trying some bullshit minuscule charge (the Dominos thing) that's going to set off fraud alarms (as it did).

This reeks of your login/password being compromised elsewhere in one of the big data breaches as mentioned by Candleman above. Change all your passwords now.
posted by kuanes at 5:03 AM on April 21, 2018 [1 favorite]

The Domino's charges may have been a test in advance of much higher charges.
posted by megatherium at 5:36 AM on April 21, 2018 [4 favorites]

This is just a fact of modern life, and if you try to pursue it, you will find out that nobody cares. Someone set up a fake account with my credit card at a company. The company wouldn’t give me information because I wasn’t authorized on the fake account. All I could ultimately do was report it to the credit card company and move on.

I even had someone use my debit card in person twice for cash advances at the same bank in one day in a city hundreds of miles away. So someone had to pretend to be me and probably have a physical card (I hadn’t lost mine). And the bank took a week to replace the money, over a thousand dollars, which was a huge hardship. There was nothing I could do. My personal takeaway has been use credit cards instead of debit cards to limit access to my bank account.

The compensation is that you aren’t responsible for the fraudulent charges.
posted by FencingGal at 6:25 AM on April 21, 2018 [2 favorites]

This is pretty small potatoes as far as identity theft goes. Replace the card that was used to make the fraudulent charges, change the password on your Domino's account and any other accounts that use the same password (and make them all different), and move on. Lawyers, police, and your employer will not care about this. Do keep a close eye on your bank account for a month or two and report any new fraudulent charges right away, if they happen.
posted by Anticipation Of A New Lover's Arrival, The at 6:51 AM on April 21, 2018

Nthing that really, this is the cost of doing business is this connected world and nobody will care. Definitely not to the level of lawyering up or informing your employer (what could they do, anyway?). I had a similar experience after someone got into my Netflix account, probably via the myfitnesspal breach, if i had to guess. All you can really do is call and get the charges marked as fraudulent, get your money back or charges reversed, and possibly change account details if need be. Personally i’d make sure to only save credit card details and never debit cards on any account, as then there is no direct access to your bank account, and credit card charges are much more easily reversed and this sort of thing happens each and every day. The short version - don’t stress, it happens, flag/report it, get your money back, and move on.
posted by cgg at 9:34 AM on April 21, 2018

I'd contact Domino's corporate office, not a franchise. See if they can get to the bottom of it. Corporate tends to take customer problems more seriously than a single store or franchise. They'd also want to know if they're system has been compromised or if someone guessed your password and are more likely to go after people who used your debit card to order than local law enforcement. There's no guarantee to this but it's what I'd try first. You might get some free pizza coupons out of it, at least.
I always delete my debit/credit card info from a site after ordering. It feels safer to me with so many businesses having customer info stolen. It might be a pain to put in every time but it is safer.
posted by stray thoughts at 5:54 PM on April 21, 2018

« Older Responsible, casual sex with herpes. Possible?   |   How to NOT make friends at work...but kindly? Newer »
This thread is closed to new comments.