Personal Tech

You've Been Hacked, Now What?



You're going to get hacked. And no matter how careful you think you are, the truth is there's nothing you can do to stop it.

Recent events should make it clear to anyone who uses electricity that eventually someone will make off with your personal data -- not from your computer, but from someone else's. While two companies, Apple and Google, have been caught tracking customers and not being exactly forthcoming about it, other major companies, most notably Sony, have been deliberately hacked.

Sony's network is so seriously compromised, in fact -- including possibly birth dates, credit card numbers, and passwords of customers -- that it's likely to be offline for at least two weeks. And just a few weeks ago, Epsilon, a company that sends out billions of e-mails for companies such as Target, Best Buy, Citigroup, and more, admitted it too had been hacked.

Other breaches are due to human error, lost laptops, and digital misadventures. Worse yet, many online businesses deliberately sell your personal data. Most claim it's for innocuous -- but extremely annoying -- marketing purposes. Others claim that the information is aggregated so they can't pin information to you personally.

What harm could it do? Quite a bit, it turns out.

Beyond the big bucks spent annually on identity fraud, navigation company TomTom just admitted that it had sold anonymous traffic and speed data from users to local governments, whose police departments used the information to set up speed traps. So losing your data can cost you -- in more ways than one. And experts say it's not a matter of "if" anymore, it's a matter of "when."

What can you do about it? The first step is acceptance.

"People should just assume their personal information is exposed everywhere," said Tom Oscherwitz, chief privacy officer at ID Analytics, which assesses the fraud risk and creditworthiness of individuals.

The second step is independence: Don't expect anyone to tell you when information about you has been stolen. Businesses aren't always required to divulge a data breach, so to avoid embarrassment, they often don't. One expert told me that of nearly 100 data breaches at U.S. companies so far this year, less than 5 percent have been reported.

The last step is to complain to companies whenever there's a leak. Business will take notice. Just witness how Facebook has had to backtrack on its privacy settings several times because of the uproar from users.

Some analysts suggest that letting people opt out -- like those "do not call" phone lists -- could help solve the problem. But you simply cannot opt out of everything: banks, phone companies, stores, which is where the trouble starts. 

In a vicious digital version of Catch-22, those institutions need specific information -- birth dates, maiden names, etc. -- from you to prove you are who you claim to be, which is exactly the same information that hackers piece together to trick the very same companies into creating false identities and committing fraud.

To try to reduce the risk, Oscherwitz says to curtail any poor social networking habits. According to a recent survey by ID Analytics, more than 20 percent of users leave their profile information open to the public -- that's a bad idea.

Better still, remember three little words: monitor, monitor, monitor. Get a free credit report from each of the three reporting agencies once a year. Matt McAluney, a spokesman for Equifax, recommends doing this at different times of the year for each of the agencies so that you have a more up-to-date picture of any potential problems.

You can also have a fraud alert put on your account. However, those will only warn you about some (not all) suspicious activities and only last for 90 days (although you can keep calling back to renew it). According to McAluney, some states also allow for credit freezes, which literally lock your accounts, but there may be additional fees involved.

Some skeptics say if you're careful, you shouldn't worry about identity theft or credit card fraud. Don't believe them. I've been a victim not once, but twice. And I recently got a call from my credit card company asking me if I had been buying groceries in the Philippines. 

And guess what? I'm careful. Very careful.

John R. Quain is a personal tech columnist for Follow him on Twitter @jqontech or find more tech coverage at