If you have a credit card or bank account, then you may have received an ominous e‐mail alert discussing the data breach that recently occurred at Epsilon, a third‐party vendor which provides marketing services to many companies. Luckily, the stolen information appears to have been limited to the names and e‐mail addresses of only some customers. Apparently, no account numbers or other confidential information was compromised. Nevertheless, names and e‐mail addresses are powerful tools for certain types of cybercriminals known as “phishers” who use social engineering to target potential victims and lure them into exposing confidential financial information.
Users of the Sony PlayStation Network may not be as lucky, as upwards of 10 million credit card accounts may have been accessed by hackers in the recent network attack. Sony has been criticized for its response to the incident, and recently put in place a $1 million identity theft insurance policy to cover affected gamers.

The danger posed by such data breaches has resulted in the federal government and many states adopting data breach notification laws. If you operate a small business, you may not be aware of your responsibilities under these laws. Further, although many of the state laws are similar, small business owners must be aware that if they have customers in multiple states, they must comply with the data breach laws of each of those states. This raises the question: what are your responsibilities if cybercriminals hack into your company’s computer system and steal sensitive customer data?