If you do any shopping, banking or other business online and it hasn't happened to you yet, it probably will.
Last week, the online retailer Zappos (which is owned by Amazon), sent an email to 24 million of its customers telling them that their personal information may have been compromised in a data breach.
Though credit card and payment data were unaffected, the company said that names, email addresses, billing and shipping information, phone numbers and other information were at risk.
It was far from the worst such attack on our personal data. Last year, Sony battled a series of attacks against its PlayStation Network and online entertainment sites that affected about 100 million accounts. Companies including Citigroup were victims of similar breaches.
The hacking attacks seem to be getting more aggressive, and it’s unlikely we’ve seen the last of them.
So what can you do when you receive an email like the one from Zappos, alerting you that your personal information could be at risk?
Brian Hjelm, vice president of marketing for CSID, an Austin-based security firm, says that the most important step to take is the one that Zappos itself outlined in its email to customers: Change your account password as soon as you can.
“They reset everyone’s passwords instantly — that’s good. It was proactive. They locked down your old one and forced you to create a new one,” said Hjelm, who happens to be a Zappos customer.
Passwords in general are a major problem we have as computer and Internet users. Robots are great at remembering complex, had-to-crack passwords; we humans, not so much. The best passwords are a combination of letters, numbers, special characters, and capital and lowercase letters.
A terrible password: “mydogspot.”
Much better: “!mYd0ggS48t?&”
But good luck remembering that. There are password managers for computers, tablets and mobile phones (1Password is the one I like the most) that can remember passwords and also generate new ones for you.
Having one great password, though, can also be a problem if you use the same one on multiple websites. If one site is breached and hackers get your login (which is sometimes just an email address) and your password, they can access all your accounts.
Another thing you can do is avoid using the same email account as a login for both personal and work-related services. If a breach happens to a site that you do business with, for instance, all your personal services might be hacked, too. Or you could create a separate email address just for shopping and web service signups.
If you’ve been lax, Hjelm says, “you need to go and make sure you’re resetting ALL those passwords. That’s the biggest risk at this point. If you use that same user name and password on your Wells Fargo account, you’re in big trouble.”
Identity thieves, he said, can use fragmented information to piece together enough data to, for instance, apply for credit cards using your Social Security number or draw funds from an online bank account.
Beyond simply changing your password, there are other things you can do, from contacting your bank to reissue credit cards that might be at risk, to issuing a credit freeze through the major credit report agencies to signing up for a an identity protection company’s services that can monitor your accounts and alert you to potential fraud.
“
The worst thing you can do if you haven’t yet had your personal information lost is to wait for it to happen. Now would be a good time to toughen up your passwords, change them across the myriad online services you use and to always be wary of suspicious “phishing” emails that may be pointing you to a different website than the one you’re intending to visit.
About the Author
