If you haven't heard, hackers stole e-mail addresses from Epsilon, an Irving, Texas-based marketing company that sends e-mails on behalf of its 2,200 clients, which include many major financial institutions and retailers. Epsilon won't say which companies were affected, but local companies Target, Best Buy, U.S. Bancorp and Ameriprise have all sent notes to clients about the breach. Star Tribune reporters Chris Serres and Steve Alexander had the story Tuesday.
Why a stolen e-mail address isn't a crisis
I've learned that my e-mail address has been compromised at least three times in this Epsilon mess. But I'm not losing sleep.
Chase was first to send me an e-mail. Then I heard from Target and Walgreens. I might have received an e-mail from TiVo as well, but honestly I can't remember.
If it sounds like I'm not too concerned about the news that my e-mail address was among the many stolen, you'd be right.
Here's why: I assume scammers are trying to access my credit cards and bank accounts every single day. It doesn't take a highly publicized break-in for identity theft to occur. Think about how often we give out our personal information these days, especially online.
This Epsilon hack is widespread. But the bad guys only have our e-mail addresses. If they'd found their way to passwords or account information, the ramifications would be far, far worse.
I certainly think the phishing attempts will multiply after this security breach. They may even be tougher to spot, since they'll be coming from businesses we have relationships with and the fraudsters can call us by name.
But it's our job as consumers these days to be vigilant protectors of our personal and financial information every single day, not just when we receive apologetic e-mails from big companies about major security breaches.
There are many simple steps you can take to protect yourself, the theme of a column I recently wrote about identity theft:
•Craft a stronger password: Is your password your pet's name? Your mother's maiden name? Your birthday? Not secure enough. Spend some time making your passwords secure.
•Don't click on links from e-mails: Period. Say you receive an e-mail from your credit card company saying your new bill is ready. Don't click the link. Type the Web address in yourself.
•Don't send sensitive information via e-mail: Period. No bank is going to ask you to send your Social Security number online. Think twice.
•Don't open e-mails from unknown senders: Period.
•Avoid using your e-mail address as your username: That way, hackers have to figure out both your username and your password before doing damage. Unfortunately, many companies use e-mail addresses as the default username.
•Use privacy settings on social media: Here you are, fretting about what companies are doing with your sensitive information, and you're letting it all hang out online. Be smart about what you share on Facebook and Twitter, and who can see it.
Do I think that the Epsilon breach will be the "hack of the century," as Computerworld's "Security is Sexy" blog predicts? I wish. Unfortunately, I think hackers will succeed in doing far more damage before we usher in the year 2100.
Nancy Nelson built the “red Swedish cottage” she’d always wanted across the street from her son’s family after her husband’s death prompted a move to south Minneapolis from Roseville.