Sometimes You Just Have to Share

You want to keep your information private, but banks, government agencies and a variety of other companies need your info. What can you do about it?
July 2011
by Robin Wark

We all know we need to be careful with our personal information - credit card numbers, bank account information, Social Security or Social Insurance numbers and similar data. But, what happens when the organizations we entrust with that information are hacked?

In 2010, more than 13 million records were part of security breaches relating to computer hacking or malware, according to the Privacy Rights Clearinghouse, a non-profit consumer group. The actual number of records affected could be even greater as the above data is only from the 58 incidents that were made public.

The companies being targeted are not mom-and-pop operations, but rather major corporations and institutions, including banks. Earlier this year more than 200,000 Citigroup accounts were compromised by hackers. The Citi Account Online system was breached, which contained such information as names, addresses and account numbers. Data such as dates of birth, social security numbers and credit card security codes were on other servers and not obtained, according to Citigroup.

Sony, Nintendo and Sega are companies people often turn to for fun. However, each has been hacked in the last six months. For example, more than 77 million customer accounts of Sony's PlayStation Network and Qriocity services were compromised in an attack on 10 of the company's California-based servers. The information in these accounts included names, e-mail addresses, billing addresses, phone numbers, gender and birth dates. A trio of New York men have filed suit and are seeking class action status, alleging Sony was aware that inadequate security systems placed it at an increased risk of attack.

What to do about a data breach?
So, you have been informed that some of your information might have been compromised due to the hacking of a company you deal with. What do you do? In an article on More Money, the personal finance blog of Money magazine, Privacy Rights Clearinghouse's Paul Stephens had some suggestions and said it varied on what kind of data has been stolen.

  • Social Security or Social Insurance number: This information can be used in identity theft crimes. This includes taking out loans and credit cards in your name. If you know your number could be compromised, it is a good idea to check your credit report. Many companies allow you to do this once a year for free.

    You might also want to contact a credit reporting company and ask for a fraud alert. These alerts lets companies know you could be an identity theft victim and to be careful when opening new accounts in your name. You should be aware that this step could make your own applications for new credit more difficult.

  • Bank account or credit card information: If your credit card or debit information has been swiped, you should cancel that card right away. You should monitor your accounts very carefully and contact your bank or credit card company immediately if you notice something wrong.
  • Email addresses: In cases such as these, spear phishing might occur. Unlike standard phishing attacks, which send generic emails to thousands or millions of people, spear phishing is targeted for just one person, and their information. Most often the criminals are after your money or more of your confidential information for identity theft crimes.

To Protect Yourself
Jerome Segura, ParetoLogic's security analyst and author of the Malware Diaries blog, said there are some steps people can take to protect themselves against these kind of attacks.

  • Only give what is required: Segura suggests leaving blank any optional field in online forms. The less information that the company has, the lower the risk of identity theft.
  • Use different passwords: Do not use the same passwords for all of your accounts, such as Facebook, Twitter, Gmail, and PayPal. With the same password for every account, when one account is compromised, that means the criminals can make their way quickly into the others.
  • Deactivate unused accounts: If you no longer are using a bank account or social media service, you should cancel the account rather than letting it sit dormant. The account still has your information and could be used against you.
  • Separate your financial accounts: If you regularly shop online, you should consider having a credit card with a low limit that is not tied to your other accounts, especially your savings account. If the information for that card is stolen, it would not affect your other finances.
  • Make a list of online services you use: If you learn your information has been hacked, it is important to check the integrity of your other accounts. If you keep a list, this process is a lot easier.

In general, Segura said people should be careful about what information they divulge online. He suggests that people do a search online for information about themselves. If there is anything they feel could be harmful, they should attempt to have it removed, although this might be easier said than done.

As far as providing your personal information to companies and government agencies, it is inevitable. Many require this information. However, you can take some precautions to limit the risks.

Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.