If hackers obtain more information than just your name and email address--if they get your phone number, mailing address, the last four digits of your credit card number--they can create more convincing and effective phishing schemes that can ultimately lead to identity theft and credit card fraud.
What are the odds of those risks occurring?
Rasmussen and Sjouwerman agree you can count on getting more spam if your email is exposed in a breach. You also need to be wary of "phishy" emails. Four in 10 individuals will fall for a phishing attack, based on Sjouwerman's anecdotal research. He conducted an experiment with one of KnowB4's customers, a defense contractor, in which KnowB4 sent a fake email, allegedly from the company's CEO, to 100 employees whose email addresses KnowB4 found on the web. In the email, KnowB4, posing as the CEO, asked employees to make changes to their benefits via a website KnowB4 spoofed. Forty percent of employees fell for the scam.
Unless your credit card number or bank account information was compromised in the breach, you don't have to worry about financial fraud, provided, of course, you don't give that information to a phisher.
If hackers make off with credit card numbers, you can expect to find fraudulent charges on your next bill, and you should alert credit card companies and credit reporting agencies that your information may have been compromised in the breach. After last year's Sony PlayStation Network hack, some PlayStation Network users began reporting fraudulent charges on the credit and debit cards they used to access the PlayStation service, but at the time there was no way to tell whether the fraud was a result of the Sony breach or just a coincidence, according to CNET.
Obviously, not all breaches will lead to identity theft and credit card fraud - or even extra spam and phishing emails. CIO.com recently contacted 10 individuals whose names, email addresses and passwords were posted to Pastebin after LulzSec hacked PBS last May to find out if they were impacted by the breach. Of four people who responded to CIO.com's inquiry, three said the breach didn't affect them in any way. The fourth declined to comment.
Even if hackers obtain only people's names and email addresses, what troubles people the most, says Rasmussen, "is the feeling of being victimized: Somebody without your permission has published something about you."
Meridith Levinson covers Careers and Security for CIO.com. Follow Meridith on Twitter @meridith . Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Meridith at firstname.lastname@example.org .