

Protect Your Data From The Breach Epidemic

Posted by admin on Jul 14, 2011

Taken from PC World Magazine, July 2011 Edition

In 2011 alone, tens of millions of users have had personal information exposed or put at risk in some way by data breaches at Epsilon, RSA Security, and the PlayStation Network, among others.

The impact of a data breach depends on what information is compromised and what the attackers do with the data they steal.  If a breach is limited to exposing e-mail addresses, as was the case with the Epsilon data breach, the main concern it raises is the possibility of targeted phishing attacks.

If a breach exposes personal details such as names, addresses, birth dates, Social Insurance numbers, and driver’s license numbers, identity theft becomes a serious concern.

The worst case involves the loss of actual bank account or credit card numbers.  The attacker can use your credit card information to buy things or – with additional information such as your account password – drain your bank account.

To safeguard your information, begin by assuming that your data will be stolen at some point.  This mind-set will encourage you to be careful about which businesses you trust.  First, don’t share your primary e-mail address thoughtlessly.  Instead, set up a dummy webmail address to use for the express purpose of signing up for websites.  Second, don’t supply real information if you can avoid doing so.  One option is to invent a fake persona for signing up on websites.  You can use your real name if you like, but enter a fake mailing address and phone number, and use that dummy webmail address.

One big mistake that people make is to use the same username and password at multiple sites.  Yes, remembering 50 different usernames and passwords is a daunting task, so I recommend employing a different username and password only on sites that you rely on or that grant access to sensitive information such as your bank or credit card.  Then, you can use a different username and password combination on all the other sites.

If you get an e-mail that has spelling errors or poor grammar, delete it.  Legitimate companies sometimes mangle spelling or grammar, but a poorly worded message is often a tell-tale sign of a phishing attack.  On the other hand, some phishing e-mails look legit.  The crucial rule is this: Never supply your username, password, account number or any other sensitive information via e-mail.  No legitimate company will ever ask for this information to be sent to them… and if they do, they don’t deserve your business.

Consider not giving any site access to your bank account information.  Get a disposable credit card, or use a service such as PayPal for your payments.  Some banks are even starting to offer virtual one-time-use credit cards.

Early detection is the key to survival.  Scrutinize your bank and credit card statements so that you can identify suspicious activity and address it as quickly as possible.  Doing so will help minimize the resulting damage.
