Databases hacked, your identity jacked!

It seems we can’t go more than a few weeks without our personal information being compromised by a massive data breach.  Last week it was the New York Yankees.  The week before it was the Sony PlayStation network.  And a few weeks before Sony it was Epsilon.  And just to make sure I don’t leave anyone out…now it looks like LastPass (online storage for your passwords) may have been the target of hackers. Each of these high-profile data breaches has one thing in common…we had nothing to do with it.

If you believe the marketing ads, we’re all just one step away from living in our parents’ basement, working at fast food restaurants, having our credit reports and scores trashed, and even being falsely arrested.  The FTC’s top consumer complaint in 2010 (for the 11th straight year) was identity theft.  The marketing push seems to be parallel to the statistics but really, other than buying a bunch of credit monitoring services, what are we supposed to do?

We’ve all heard the tired advice from experts (including this one) about how to avoid being an identity theft victim.  Shred your sensitive documents instead of just throwing them away.  Check your credit reports several times each year.  And, beware of Phishing, Vishing, Spear Phishing, Skimming, RFID Hacking, dumpster diving and mail theft. You need a separate dictionary just to understand all of the ways these dirt bags are trying to scam you.

Other than shredding sensitive documents, making sure your mail doesn’t sit in your box too long, checking your credit reports from time to time, making sure your passwords are complex, and using a little advanced common sense (No, you don’t have a friend stuck in the UK looking for $2,000 to come home) we should be pretty safe from identity thieves.  But what if mega-companies who are entrusted with our sensitive information are not good stewards of the data?  Seriously, what’s more likely to happen…someone stealing old checkbook registers from your garbage or Sony being hacked?

It’s a solution-less problem because you can’t remove yourself from “the system.”  Think about how many places maintain your sensitive information.  Frequent flyer accounts, your tax prep services, your CPA, hotel chains, retailers, banks, brokerage firms, newspapers, employers, credit card issuers, homeowners’ associations, insurance companies, airline clubs, domain registrars, public utilities, Facebook, Twitter, LinkedIn, MySpace, email service providers…our data is everywhere.  Look at the list of bookmarks in your browser.  How many of those places have your information?  Almost all of them, I bet?

We certainly can’t exit the system and we certainly can’t expect companies to be impenetrable.  What we can do is to be a little less lazy about our login credentials, for example.  We tend to use the same login credentials for multiple online accounts. That makes the Sony breach problematic because login credentials might have been stolen.

And it’s not just credit card numbers or login credentials that put us at risk.  Take the Epsilon breach for example.  You’ve probably never heard of Epsilon but they manage email campaigns for scores of companies to the tune of about 60 million email addresses.  And I’m not talking about John’s Garage.  I’m talking about Chase, TiVo, Best Buy, Disney, Marriott, Hilton, Citi, Ameriprise and dozens of other widely recognized companies.

The hackers now have email addresses for millions of consumers, which makes Spear Phishing (email fraud perpetrated on a homogeneous group) a possibility.  To make matters worse, the people who hacked the Epsilon database are criminals, but they’re not stupid criminals.  They know the heat is on and the value of the data on the black market is less than what it will be in 2 years when everyone has forgotten about Epsilon.

The bottom line is we’re vulnerable, both in the electronic and physical worlds.  And regardless of how much time we spend running documents through shredders there will always be exposure.  I’m afraid the best we can do is to make ourselves a little less attractive than our neighbors by being smarter and more careful than they are.

Gotta run, I just got an email from TiVo telling me my service is going to get cut off unless I confirm my credit card information at their site.  It’s a good thing they sent me a link in their email.  Now, where’s my wallet?

John Ulzheimer is the President of Consumer Education at SmartCredit.com, the credit blogger for Mint.com, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry. The opinions expressed in his articles are his and not those of Mint.com or Intuit.