E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: CNN Money

Posted on June 30, 2011

If some of the world's largest corporations can't manage to keep your personal and financial data safe, is there anything you can do to protect yourself?

A recent string of cyber attacks on companies such as Sony, Citigroup and Nasdaq - organizations you'd hope would know something about data security - has spotlighted the vulnerability of personal information that could be used to steal your identity. The latest breach of customer privacy came a week ago, when gaming company Sega admitted that the email addresses, dates of birth, and encrypted passwords of nearly 1.3 million customers had been compromised.

The frequency and scope of these successful attacks are shocking. This year alone, more than 13 million records have been involved in security breaches related to hacking or malware, according to non-profit consumer group Privacy Rights Clearinghouse. And that's only from 58 such incidents that were made public.

One possible solution is stronger legislation. Earlier this month, Sen. Patrick Leahy (D-Vt.) reintroduced the Personal Data Privacy and Security Act for the fourth time since 2005. The bill, which requires companies to strengthen protections and imposes stricter penalties on hackers, would supersede a patchwork of state data breach laws. The bill also makes it a crime to conceal a security breach, unless the compromised information poses "no significant risk of harm."

The recent spate of high-profile data breaches may provide political momentum to Leahy's bill. But strengthening protection of sensitive information requires a technical fix, not just punitive measures, says Lauren Weinstein, cofounder of People for Internet Responsibility.

Evidence for that, says Weinstein, can be found in May's Citigroup hack. On June 15, the company announced that its credit card breach affected more than 360,000 customer accounts, a significantly larger figure than previously stated. According to The New York Times, hackers exploited a simple loophole to access financial data, logging on to Citi's credit card customer site and plugging different numbers into the web browser's address bar, giving them access to other accounts.

"They did it by using the oldest trick in the book," Weinstein said. "That's the kind of problem we were seeing in the very early days of web commerce, and for something like that to show up now is depressing. I don't think you can legislate away that mistake."
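The loophole described above comes down to a missing server-side ownership check. As an added example (not code from the article or from Citigroup; the URL shape, account ids, session tokens and function names are all constructed for illustration), here is a handler that trusts the number in the address bar beside one that verifies the account belongs to the logged-in user and records denied requests for monitoring:

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: account id -> owner and statement.
ACCOUNTS = {
    "1001": {"owner": "alice", "statement": "alice: balance 250.00"},
    "1002": {"owner": "bob", "statement": "bob: balance 9100.00"},
}
SESSIONS = {"tok-alice": "alice"}   # constructed session token -> logged-in user
DENIED = {}                         # user -> set of foreign account ids requested


def _account_id(url):
    """Pull the account id out of a URL such as /statement?account=1001."""
    values = parse_qs(urlparse(url).query).get("account", [])
    return values[0] if len(values) == 1 else None


def statement_vulnerable(token, url):
    """Checks only that the caller is logged in, then trusts the URL."""
    if token not in SESSIONS:
        return 401, "login required"
    account = ACCOUNTS.get(_account_id(url))
    if account is None:
        return 404, "not found"
    return 200, account["statement"]


def statement_hardened(token, url):
    """Also checks that the requested account belongs to the session's user."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, "login required"
    acct_id = _account_id(url)
    account = ACCOUNTS.get(acct_id)
    if account is None or account["owner"] != user:
        # Same answer for "missing" and "not yours", so ids cannot be probed;
        # record the attempt so repeated guessing shows up in monitoring.
        DENIED.setdefault(user, set()).add(acct_id)
        return 404, "not found"
    return 200, account["statement"]


def enumeration_suspects(threshold=3):
    """Users who asked for at least `threshold` distinct accounts they do not own."""
    return sorted(u for u, ids in DENIED.items() if len(ids) >= threshold)
```
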

So what can you do to minimize the damage of a data breach? That depends on what information is stolen, says Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse. Here's his advice:

1. Social Security and Social Insurance Numbers

If your Social Security number has been exposed, says Stephens, you should check your credit reports regularly, and place a fraud alert - or perhaps a security freeze - on your credit report. Start at AnnualCreditReport.com, the official site to get a free credit report from each of the country's major consumer credit reporting agencies: Equifax, Experian and TransUnion. (Each offers one free credit report every 12 months.)

Fraud alerts notify potential credit grantors that you may be a victim of identity theft, so that they'll tread more carefully when setting up a new financial account. A call to just one of the credit reporting companies will help you set up a fraud alert with all three for at least 90 days.

A security freeze can "lock" your credit report, to prevent potential identity thieves from opening any new accounts. Each company - and state - has its own policies regarding setting up and removing freezes, but the process is usually free if you're a victim of identity theft. (Consumers Union offers a comprehensive list of policies.) Keep in mind that taking these steps could also make your own applications for new credit more difficult.

2. Financial account information

If information about your debit or credit card is stolen, you should immediately cancel the account, says Stephens, and carefully monitor your financial statements to make sure your information is not being misused. This is particularly true if it's information about your debit card, he says, since it offers consumers fewer protections against misuse. "A debit card is a direct pipeline to your checking account," he says. "The money is almost immediately drawn from your account, and you'll have to fight with your bank to get it back."

3. Email addresses

Compared to a compromised credit card number or Social Security number, an exposed email address may seem innocuous. But when your email or other account details are compromised, Stephens says, you should be on the lookout for spear phishing: targeted email that poses as a legitimate message to solicit even more information.

"Unless you're 100 percent certain that an email is legitimate, our advice is, when you receive an email asking for any information, don't respond to it," he says. Instead, if it appears to be an email coming from your bank or credit card company, give the company a call, or pay a visit to the official website.

As for protecting yourself in advance, the most important thing you can do is use different passwords for every account, since hackers who have your password for one website can easily test to see whether it works with similar usernames on other websites.

Unfortunately, nothing is foolproof. "The only way you can limit your exposure is to never give your information out to anybody - and you'd have to live on a deserted island to do that," Stephens says.


In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
