By now, news of a major corporation like a retail chain or internet-based platform being hacked is hardly news. Companies like Target have been attacked in recent months, and the end result was that millions of customers’ personally identifiable information fell into the wrong hands. How a company responds to this kind of data breach is important, and it can tell consumers a lot about the type of corporation with whom they are doing business.
Typically, when a data breach occurs, a company alerts its customers so they can be vigilant about securing their personal information. This lets those customers whose accounts have been compromised keep a close eye on their bank accounts, their credit card statements, even their credit reports. If the customers do find suspicious activity involving their finances or identities, they can take swift action instead of waiting to find out after months of nefarious spending has happened.
Unfortunately, there’s sometimes a mind-set to downplay an incident or minimize the so-called “bad press” that stems from this kind of hacking event. In those cases, corporations sit on the information and consumers are none the wiser, which can lead to a farther reaching net of criminal activity involving the accessed information.
One such company is eBay. When a cyberattack led to the breach of some 145 million user accounts during the week of May 19th, eBay’s response was to wait several days and then post a cryptic message about the breach on its lesser-trafficked corporate website. After widespread complaints about the message that simply told users to change their PayPal passwords, only then did eBay admit to the breach on the main website, almost a week after the attack.
How serious was the cyberattack? Names, addresses, emails, home phone numbers, and encrypted passwords were accessed, all of which were tied to users’ PayPal accounts. Those accounts are also linked to the users’ bank accounts in order to send and receive payments.
So how are consumers supposed to trust corporations if their interests aren’t being looked after in a timely way? First, and this may seem unfair, the only way to know for certain that you’re being kept in the loop about your safety and security is to assume that companies won’t tell you about a data breach, either because it’s bad for business or because they simply don’t know about it themselves. Taking action like not providing all of your information without just cause can help, such as not providing your real birthdate to social media sites or not giving your home phone number to retail companies.
Savvy consumers have actually started to keep smaller accounts for their online transactions, such as keeping a bank account that isn’t connected to your main checking and savings accounts, or signing up for a low-balance credit card for online use only. Those are tedious steps, but they can help minimize the damage and the work that you have to put into clearing up the effects of a corporate cyberattack.
Make changing your passwords from time to time a part of your online behavior. Frequent password changes can help you stay ahead of any damage an identity thief may attempt. Of course, passwords can only work securely if you use different passwords on different websites, and if you make sure that they are strong, untraceable combinations of letters, numbers, and symbols. Never use an app that stores all of your passwords in your phone or tablet, and make sure that you don’t check the box to remember your password on any computer or device that can be accessed by others.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.