Story URL: http://news.medill.northwestern.edu/chicago/news.aspx?id=184230
Story Retrieval Date: 5/20/2013 12:10:52 PM CST
Printer-Friendly Version
E-mail This Story
Lauren Daniels/ MEDILL
Walgreen Co. is one of many companies affected by the recent data breach.
Practice safe email, experts advise
by Lauren Daniels
April 06, 2011
Lauren Daniels/ MEDILL
Millions of Americans received emails alerting them that their email address had been breached.
Protect yourself from “phishing” scams
- Don’t respond to emails from any companies that ask for personal information
- Don’t open any attachments or click any links from a suspicious email
- Reputable companies will never ask for personal banking information
- If in doubt contact the company directly
In the past few days, Wicker Park resident Ashley Richardson received eight emails from companies she does business with, notifying her that her email address had been accessed without her consent.
“It makes me really nervous,” Richardson said. “Strangers now have access to my personal email account. I’m going to deactivate it.”
News of hackers stealing the personal information databases has become fairly routine. The March 30 breach at Epsilon, a subsidiary of Alliance Data Systems Corp. may be the largest to date. Epsilon reported unauthorized access to client data in its email system. Epsilon is a third-party vendor used by companies including Walgreen Co. and J.P. Morgan Chase & Co to send email marketing messages, as many as 40 billion a year.
“A lot of Internet users don’t even know that their data is at a service provider. They’ve given their email address to a brand that they have trusted with it,” said email marketing expert Dennis Dayman.
Epsilon said that the information obtained from the breach was limited to customer names and email addresses. Walgreen, Capital One, Marriott International Inc. and other affected companies have done little more than encourage holders of potentially breached email accounts to be cautious of email schemes that ask for personal or sensitive information.
“We have always known that email addresses are a treasure trove for hackers and spammers,” Dayman said. With the Epsilon breach, senders of phishing schemes know that certain people bank at J.P. Morgan Chase or shop at Walgreens, allowing them to send a more targeted, personalized phishing scheme to that consumer.
Once personal information has been breached, there is little an individual consumer can do. Michael Fertik, founder and CEO of Reputation.com, recommends all Internet users take simple actions to lessen the risk of falling subject to another email breach.
“You want to use multiple email address for different parts of your life,” Fertik said. “That way if one email address is compromised, the others remain safe.” Fertik also recommends that consumers browse the Internet in privacy mode.
Dayman warns that the threat to consumer information will not be short-lived. Email accounts can be vulnerable, “not just for this week, but the next two to five years.”
For Richardson the email breach has an even stronger effect: “in the future I’ll make sure the box to sign up for emails stays unchecked.”
Some consumers say that this breach won’t affect them. They don’t share their email addresses with anyone, not even for 40 percent off any one item.
