The epidemic of data breaches continues unabated. The latest major data breach involves information stolen from and its online shopping sites. Bloomingdales is owned by Macy’s. Although Macy’s only disclosed the data breach two days ago, it was discovered on June 11th and had gone on since April 26th. The information stolen included customers’ names, addresses, phone numbers, email addresses, dates of birth, and debit and credit card numbers and expiration dates for credit cards and debit cards left on file with Macy’s or Bloomingdales.
The threat of identity theft posed to you by a data breach depends very much on how sensitive the stolen personal information is. At its most benign, email addresses or other similar information may be used by hackers to formulate spear phishing emails and text messages to lure you into clicking on malware-infected links, which may include ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft. At its worst, such as in the Equifax data breach, sensitive personal information such as your Social Security number can be used directly to make you a victim of identity theft. In this case, the credit and debit card information stolen also makes the data breach more serious. Macy’s is in the process of notifying affected customers by email about the data breach and the free credit monitoring services it will be offering to these people.
One lesson from this data breach is to never leave your credit card or debit card number on file with websites for convenience. Your convenience can easily lead to identity theft and fraudulent charges in the event of a data breach. In fact, as I have mentioned many times, you should not use your debit card for any consumer purchases because the consumer protection laws for fraudulent debit card use are not as strong as those that apply to fraudulent credit card use.
So what else should you do?
You are only as safe as the places with the weakest security that hold your personal information. As much as possible, you should limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor may ask for your Social Security number as a means of identification, but he or she has no legal need for it. Also, you should protect your own personal electronic devices, such as your computer and cell phone, by always promptly updating all of the programs you use when new updates or security patches become available. Use strong, unique passwords for all of your accounts so that if your password is compromised at one company, your other accounts are not in jeopardy. Also, use dual-factor authentication whenever you can for added security.
A helpful website that tracks data breaches is Have I Been Pwned, where you can find out whether your information was affected by recent data breaches. Here is a link to their website.