Well, that was some April Fools Day, wasn’t it ?

Epsilon was hacked and confirmed that 2% of their clientelle have had their email lists compromised, Alliance Data confirming that email addresses and their associated names had been stollen from their database.

Bank Info Security has posted a list of companies whose information was compromised. And among these nearly 70 companies are financial institutions, internet merchants and loyalty programs Canadians use.

Most of these companies have already contacted their Canadian customers in regards to this security breach. But what now ?

The Coalition Against Unsolicited Commercial Email advises people to change their email addresses as soon as possible, especially when dealing with financial institutions.

Twelve financial institutions were affected according to CAUCE, namely American Express, Ameriprise Financial, Barclays Bank of Delaware, Capital One, CITI, JP Morgan Chase, Moneygram, Scottrade, TD Ameritrade, TIAA-CREF, U.S. Bank and World Financial Network National Bank. But of course even if you don’t have an account at those financial institutions you should consider changing your email address at your financial institution if you’ve been advised by one of the other companies of this breach on your current email address.

The hackers have probably sold your information by now so you will likely be subjected to emails claiming to be from several financial institutions and online payment companies.

They’re of course hoping people will click on the links included in these emails and provide them with passwords and other information to facilitate identity theft. But of course no financial institution or online merchant will ever ask you to provide personal information by email and these companies always use encypted connections on the internet.

The most recent internet browsers either have a confirmation that the connection is secured or a verification scheme that confirms that the web site you’re visiting is authentic. But of course it is up to the user to keep on eye on the address bar at all times.

Internet users that are versed in Phishing know to look for an https:// and/or a picture of a lock in their address bar because scammers rarely purchase security certificates to scam people out of their information. They usually just stick to variations of a web site address to lure the less knowledgable into providing their passwords or other information on a fake website.

Personally, whenever some company sends me a warning about my account I open up a new tab on my browser and I use my bookmarks to access the site. I never click on the link provided in the email or provide account numbers via email. And if all else fails, I call their toll free number to resolve the issue.

Webmail services also offer anti-spam and anti-phishing options that you might consider using. These have worked quite nicely for me. But of course if push comes to shove the webmail address I use on most sites are disposible.

BTW, if you’re interested in obtaining additional security software or information on related consumer issues, I have some links listed in my Consumer Links that you might find interesting.