Even though Sony promised to provide a year's worth of identity theft protection for affected customers, part of the responsibility for safeguarding against such theft lies with us. As such, we spoke with Mike Prusinski, the Senior Vice President of Corporate Communications for LifeLock, an identity theft protection service. We asked him about what we should be doing to protect our identities online -- and what Sony could have done better in the first place.
Massively: What are the most common ways that people have their identities stolen?
Mike Prusinski: Though there are no statistics that point to one way over another, consumers get their personal information lost through stolen laptops, hackers, stolen mail, trash, skimming devices, scams (email, phone calls and personal visits), peer-to-peer networks and public websites.
What are the consequences of stolen identity?
Depending on what the criminal has, he or she can do everything from open credit card accounts, get medical treatments, buy a house, car or cell phone, file your tax returns before you do to receive a refund, or even commit a crime.
Can thieves do much with a stolen password or birthday if they don't have credit card info or a social security number?
Remember that in most cases, the objective with stealing or having personal information is to convert it into cash.
If someone had only your username and password from a Facebook or MySpace account, all he would need to do is log back in pretending to be you, change the username and password in order to lock you out, and then send a message to all your friends asking for money because of some trouble you're supposedly having (though a lie) or send a video file with a virus which can do a variety of things, including capturing keystrokes or indexing your hard drive.
First, make sure all firewall and anti-virus protections are current and working. Secondly, when shopping online, make sure you are on a secure website. The address line should have https:// before the actual site address. Third, never shop with a debit card online. This provides direct access to your bank account and doesn't provide the same protections as credit cards. If shopping online, use a credit card or gift card which will provide you with built-in protections or limited funds that could be lost.
What is the best way to make a password that's hard to break?
Passwords should be at least 12 characters long and include capital letters, symbols and numbers. Though it might be easier to remember the name of your child, pet or alma mater, there is computer software available that would be able to crack these in seconds.
Have you seen situations like the one we're witnessing with Sony before? Does this happen often on a smaller scale?
Data breaches happen each day. Millions of U.S. consumers are notified every year that personal information has been lost. Through the first four months of this year, there have been nearly 200 data breaches affecting more than nine million Americans. This doesn't even take into account the data breaches from Epilison, the State of Texas Comptroller Office, and Sony.
What would you recommend Sony do in the future to protect customers from identity theft?
Protecting the data is the first step in protecting its customers. Organizations that collect and store personal information need to take whatever measures possible to protect the data it forces consumers to hand over in order to conduct business. While criminals will always be working to get through the toughest security systems in organizations that encrypt data and have other security measures in place, you can at least not make it a walk in the park.
Thank you for your perspective and advice!