7 lessons from the eBay data breach

David Pollino
Posted by David Pollino
Security

Someone asked me the other day for my thoughts on eBay’s announcement that hackers had stolen customer information, including email addresses and birthdates. My quick thoughts:

Hands typing on a dark laptop, with coding lines visible on the screen.* These cyberattacks will continue to happen. That means you should take precautions, including developing strong passwords.

* Try not to reuse passwords. eBay has recommended customers change their password. If you’re using the same password elsewhere, you are vulnerable to ID theft and fraud through those other sites.

* Sign up for account alerts. Alerts are one of the best ways to protect your online accounts. Email and text alerts give you timely notifications of activity on your account, which can help you react to suspicious or unauthorized activity quickly.

* Keep your contact information up to date. Companies are generally pretty good about alerting customers when a cyberattack has occurred. Those alerts only work if they reach you. So make sure you keep your email address, phone number and physical address updated in your user profile to ensure you receive security alerts.

* Don’t panic. Monitoring accounts is now a necessary responsibility for those of us who do a lot of buying, browsing and socializing on line. Review your online account details and transactions at least once a week (or more) to check for unauthorized or suspicious activity. Notify your financial institution immediately if you identify any unauthorized or suspicious activity.

* Watch for phishing. Data breaches can be leveraged for social engineering, in which scammers manipulate people into divulging personal information. So in the wake of a breach like eBay’s, I encourage people to be particularly alert for attempts at phishing and vishing and the newer SMS texting-based variation, smishing. Customers should be cautious if anyone contacts them via phone, letter, SMS or email claiming to be eBay, PayPal or any company requesting for additional sensitive information.

* Use password best practices. Take a look at my recent blog post on password tips.

Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Change Matters site. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Change Matters site.