How to safeguard your identity online

The following tips come from the Federal Trade Commission:

  • Avoid phishing emails. Don't open files, click on links, or download programs sent by strangers.
  • Be alert to impersonators. Don't give out personal information over the Internet (or by phone or mail) unless you've initiated the contact or know who you're dealing with. If a company that claims to have an account with you sends email asking for personal information, don't click on links in the email. Instead, contact company service through the company's website or by phone and ask whether they really sent a request.
  • Encrypt your data. To guard your online transactions, use encryption software that scrambles information you send over the Internet. A "lock" icon on the status bar of your Internet browser means your information will be safe when it's transmitted.
  • Keep passwords private. Use strong passwords with your laptop, credit, bank, and other accounts. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, "I want to see the Pacific Ocean" could become 1W2CtPo.
  • Don't over-share on social networking sites. If you post too much information about yourself, an identity thief can find information about your life, use it to answer 'challenge' questions on your accounts, and get access to your money and personal information.
  • Use security software. Install anti-virus software, anti-spyware software, and a firewall. Set your preference to update these protections often.

In addition, some free services help you guard your data:

  • Credit Karma, a lead generator that makes cash from marketing credit cards, allows you to check your information without having to ever pay for the privilege.
  • BillGuard, a New York City startup, crowd-sources fraudulent charges — that is, it lets consumers share information about scams and alerts participants to suspicious activity on their bank or credit card statements.

Finally, several commercial vendors, including the major credit rating agencies Equifax, Experian and TransUnion, offer identity-protection services.

For a comprehensive overview of identity crimes, look to the Center for Identity Management and Information Protection at Utica College (Google "identity crimes Utica College").

10 worst data breaches

The firm Risk Based Security, which tracks data breaches, tallied 2,149 known breaches in 2013, exposing over 822 million records. That makes last year the worst the company has recorded. Three of the year’s breaches made its list of the 10 largest of all time. Here’s that list:

  1. Adobe Systems, Inc.: In March, 2013, Adobe lost data on 152 million customers, including credit card numbers, names and passwords.
  2. Shanghai Roadway D&B Marketing Services Co. Ltd: In March, 2012, the firm illegally bought and sold 150 million customers' information, including names, addresses and financial information.
  3. Unknown organization: In June, 2013, North Korean hackers obtained personal data on 140 million people, including Social Security numbers (or non-U.S. equivalents) and email addresses.
  4. Heartland Payment Systems: in January, 2009, the fifth largest credit card processor lost the card numbers of 130 million people.
  5. Target Brands, Inc.: In November and December, 2013, hackers stole 70 million customer names, addresses, phone numbers, and email addresses, as well as 40 million credit or debit card numbers with expiration dates, PIN and security codes.
  6. TJX Companies Inc.: In January, 2007, the company lost data on 94 million T.J. Maxx customers, including names and credit card numbers.
  7. TRW: in June, 1984, hackers obtained Social Security numbers (or non-U.S. equivalents) and financial information on 90 million people.
  8. Facebook Inc.: In July, 2008, Facebook publicly exposed 80 million users' names and birth dates.
  9. Sony Corp.: In April, 2011, the company lost 77 million names, addresses, email addresses, birth dates, passwords and other account information.
  10. Pinterest: in August 2013, the website exposed 70 million users' email addresses.

Source: Risk Based Security