http://www.pcmag.com/article2/0,2817,2383085,00.aspSo, they have my email address. Who cares?
Affected companies are stressing that no personal, financial information was disclosed, but email addresses can still be an effective tool for the crafty phisher. More than likely, the emails will be used for spam purposes, but the more sophisticated individual could send out emails that look like they're from a legitimate company.
What do I do?
Main rule of thumb - don't provide any personal information. Best Buy is not going to ask you to click on a link and enter your credit-card information. Citi will not ask you to confirm your Social Security number via email. When in doubt, don't. Call the company to double check, and forward the email to spam@uce.gov.
I'm not pleased. Can I prevent this from happening again?
As you can see from the long list of affected companies, it's difficult these days to avoid companies that deal with third-party marketers. The good news in this case is that no personal financial data was exposed, so if you pay attention to the emails you receive in the future, and avoid clicking on or downloading suspicious links and attachments, you'll probably be OK. You can also create an email address that's used only for e-commerce and company correspondance. It's still annoying, however, and I, for one, seriously considered cancelling the credit cards I have with the affected companies. How hard is it to manage your own email list?
The Coalition Against Unsolicited Commercial Email (CAUCE) has a few suggestions for how companies can avoid this in the future. And as Alex Eckleberry, general manager of GFI Software's Security Business Unit, notes, "this type of incident should not be taken lightly. It's another reminder that privacy is an illusion on the Internet."