If you do any kind of business online, even just signing up to have ads emailed to you, odds are that hackers somewhere have already grabbed pieces of your identity.
One of the highest-profile data breaches of late happened in San Diego in April, on Sony PlayStation Network servers housed at an AT&T data center. Not only was Sony's PlayStation Network hacked, but other divisions of the company worldwide were hit by various cyberattacks—again and again—over several days.
Police in Spain last week announced the arrest of three people they said were responsible for some of the attacks, but not the PlayStation Network data breach.
The police website was promptly attacked and put out of service temporarily.
More than 100 million people were affected by the Sony breach, and the PlayStation Network was offline for more than a month. Sony physically moved its servers from the San Diego data center to a new center in a secret location.
If a high-tech company like Sony has trouble protecting itself, who can?
As it turns out, not many.
The list of large companies affected by direct or indirect data breaches in the last several months reads like it came straight from Forbes: Citibank, Bank of America, Chase, Capital One, Walgreens, Target, Best Buy, TiVo, TD Ameritrade, Verizon, Ritz-Carlton.
The International Monetary Fund was hacked last week. Google has been hacked.
The Privacy Rights Clearinghouse estimates that more than 530 million consumer accounts have been compromised in 2,520 known data breaches since 2005. There have been 251 reported incidents so far this year.
Many of these breaches might at first glance seem relatively innocuous. Several of these companies have lost customers' names and email addresses to hackers through an enormous data breach at Dallas-based Epsilon, a third-party marketing company.
But even these breaches are dangerous and expose consumers to “phishing,” in which email appearing to come from a trusted source – one you already do business with – asks you to log in to a faux company page or to click on a link that then installs spyware on your computer.
It turns out hundreds of the nation's largest businesses use third-party companies like Epsilon to handle their customer relationships, meaning that when you think you are giving Walgreens information about you, at least some of that information goes on to a company you know nothing about.
Some breaches are far more dangerous, and at least some appear to show incredibly lax security. Sony reportedly stored customer passwords unencrypted, making them easy pickings. All hackers have to do is try those passwords on accounts linked to the same email address and, bingo, they're into your bank account if you use the same password over and over.
What should you do? The first, most obvious answer is to be aware of how vulnerable we all are.
View any emails from companies with which you do business with a skeptical eye. Hover your mouse over a link you're asked to click on and check the actual address in your Web browser's status bar. Is it really the company's URL?
Use one email for commerce, another for personal use. At least you can cut down on spam on the account you use to correspond with friends.
Don't reuse the same password for multiple accounts. (OK, I'll admit to this. But I only do it for accounts not demanding security, i.e. a personal recipe box, never for an account that uses credit-card data.)
There are several good password generation and protection programs out there. One that gets good reviews and actually makes logging in easier for you by automatically filling in your user ID and password is LastPass, which is free and integrates with your Web browser.
Use a credit monitoring service. If you've been the victim of a credit-card data breach you should have been offered free use of a service for a year or longer. Make use of it. There are other options that are cheap or free to use: members of AAA, the Automobile Club of Southern California, can get free monitoring; Costco members can get discounted monitoring.
Keep your software up to date. Microsoft and Web application developers are constantly updating their software to deal with security flaws as they are discovered. These include not just Web browsers but also helper applications like Adobe Acrobat Reader and Flash, or Apple's QuickTime and Microsoft's Media Player.
And, finally, use a good antivirus program that also protects against phishing and spyware. The best also integrate with browsers to warn you if you are about to visit a known scam site.