Since you're reading this, it is safe to assume that you have an online presence.  If you've signed up for an online service, there's a good chance that your information security has been copied.  If you have a loyalty card or other continuing presence, it's more likely.  

Security has a number of components.  Let's start with you - if you never give away any information, nobody can access it.  But, if you sign up for everything with the same email account, you've created a link between each record.  If you use the same email for your banking and your Facebook accounts, then you've created a way for people to see your social presence and to link that to your financial records.  Facebook maintains very tight security controls on the information so you're probably safe but it's one strand in a web on details.  

If you had an account with Target a few years ago, you were probably one of the 140,000,000 people who had their details stolen.  Names, often email accounts (to link them to other profiles), encrypted passwords, maybe even social insurance number and credit card information.  Target wasn't completely faultless - there are good analytic reports on where they failed - but they had passed one of the most stringent Security certifications less than a month before the thefts occurred.  Not even certification could save them.

One of the latest exploits hit the food delivery app DoorDash.  The hacker could have accessed nearly 5M subscriber records (name, address, last four digits from your credit card, email address - which you probably use for your online banking, and phone number).  They also got 100,000 delivery person drivers license numbers and some bank account information. The early reports sound very similar to Target - access came through a third-party supplier who had privileged access to accounts and didn't have the same levels of security.

So, what can you do.  If you're laid back enough, you can stop worrying.  Assume that someone has access to information that you didn't want to share but that there are limits.  If someone calls you and uses your credit card information as verification, that's no proof that they're real.  Get a call-back number and return their call.

If you want to be extremely safe, use a different email address for each account (lots of services provide them without charge).  Use a password protection service and use random passwords that are different for each account. Even your street address could have subtle changes (change out a letter or swap characters ... the postal services will figure it out ... or add a letter at the end of the street address ... something to create a difference.

If you're a business, protect your online presence as if your livelihood depends on it.  Learn about OWASP and the top threats. Stay on top of security. Monitor access to key files (the "crown jewels" of your business) and make sure that you or your IT department keep on top of growing risks by belonging to update organizations such as Threat Exchange.  Encrypt all data and add extra layers of secret where possible.

One place to keep an eye on the security scene is IBM’s X-Force Exchange. You need a (free) IBM-id to get the full value. This should be OK for most people to follow but, if you want a walkthrough in a future blog, let me know in the comments below.