Author: Vanessa Taylor, NASBA Risk & Compliance Manager
Posted: May 2011

The emails began slowly, but a trickle turned into a downpour as the magnitude of the recent breach at Epsilon, a Dallas-based marketing firm, became known.

The company’s email lists, which it maintains for such major companies as Citigroup, Best Buy, Walgreen’s and many more, were hacked in early April. And while the company insists that only a person’s name and/or email information was obtained by the thieves, Epsilon sends out 40 billion emails annually for around 2,500 clients, so chances are good that your information could be in the wrong hands.

What does this mean? Experts say that while the hackers didn’t get access to such sensitive information as account numbers, just by getting your email they can now push a barrage of phony, “phishing” messages your way to attempt to glom onto account, banking and other personal data.

“If you shared your email with Chase, Target, Walgreens, Marriott or any of the other companies affected, your email may be in the hands of some not-so-nice people, and you and may receive some not-so-real emails,” says Vanessa Taylor, NASBA’s risk and compliance manager. “Generally, no bank, school, or other trusted source will send you urgent emails requesting you to ‘click the link below’ to ‘update or verify your information.'”

Taylor says this goes for work-related emails, too.

“Be cautious with work and personal emails; do not click on the links,” she says. “Go to the company website directly or contact them by phone. People have developed a false sense of security in general, and so when things like this breach happen, it’s easy to lose track of how easily you can give up your personal and identifiable information.”

Rather than get educated in an unpleasant way about identity theft, Taylor recommends becoming more savvy about how you put personal information online, and how you share such data in any kind of Internet communication.

“There are ways to protect yourself that you may not be thinking of, so don’t bury your head in the sand. You can communicate online and live your life securely if you just pay attention to some basic rules.”

?Want to learn more? Here’s a site that Taylor recommends because it covers a lot of those basics: www.ftc.gov/bcp/edu/microsites/idtheft.