The recent breach of Epsilon, an email marketing services company, emphasizes the fallacy of Online Privacy. There just is no such thing. But what do you do when you have trusted your private information to firms and financial institutions you deal with and someone breaches the security of the databases where that information is stored?
While the Epsilon breach reportedly only involved names and email addresses, not financial information, you should know how to deal with more serious data breaches where your personal financial information may be at risk. Here are five steps to take if you are notified of such a situation:
- Immediately change the passwords on all of your banking, credit card, and other online payment accounts and be sure they are all different. Do not use the same password for all of them and make sure the new passwords are unguessable.
- Change the passwords on any email accounts that you use for transacting business online.
- Be very alert to any phishing attempts arriving in your email the pretend to be from the affected accounts and monitor your accounts closely for unauthorized activity.
- If you suspect any unauthorized activity, immediately contact the financial institution. They will work with you to resolve any issues.
- Educate yourself on, or review the actions you should take in the event your identity is stolen, or if you suspect it has been. The FTC publishes an excellent guide: Take Charge: Fighting Back Against Identity Theft.
Please note that there is a big difference between simple fraud and identity theft. A data breach of any kind could lead to both. Someone using your stolen credit card is not the same thing as someone using your name, Social Security number (or other government-issued identity numbers), and other personal information to open credit accounts in your name, nor is it the same as someone posing as you to access your bank accounts.