The former RBC customer's accounts were compromised three times in at least two different branches of the bank, apparently by someone without a client card or PIN who managed to withdraw tens of thousands of dollars.
"It's an unprecedented story in recent years. I cannot recall anything like this," said Avner Levin, director of Ryerson University's Privacy and Cyber Crime Institute.
"That it was in person, that it was done multiple times, and at the same bank, I'm really taken aback," added Kelley Keehn, a personal-finance expert and author.
Although anti-fraud experts noted that Johnston's case is rare, they said most consumers can avoid experiencing that kind of stress and financial heartache by adopting some new habits and correcting some bad ones.
Get ahead of the potential problem
It never hurts to give a heads-up to your credit bureau, whether or not fraud has occurred, advised Keehn.
Putting a proactive fraud alert on an account for as little as $5 through TransUnion or Equifax would ensure that anyone attempting to apply for credit in that person's name would send out a flag alerting the lender to call the applicant directly first.
"If you haven't been a victim but you're still scared of all these breaches, you can still get that extra layer of security," said Keehn, author of Protecting You and Your Money, a 2014 identity-theft and fraud guide published by the Chartered Professional Accountants of Canada.
Beware of oversharing online
Resist the urge to brag. Vacation announcements, life milestones and financial achievements might be interesting news to share with friends, but it can also entice enemies seeking to exploit your social media activity for their gain.
"Everything you post online tells a story about you. It's your birthday, or you go to this university, or you post that you just got a line of credit from the bank," said Athena Mailloux, program co-ordinator for the Fraud Examiners' program at Humber College.
"A lot of people don't realize when they're tweeting out all these bits of information, a fraudster's job is to troll and put the story together to then become you."
Don't neglect your freebies
By law, you're entitled to one free credit report per year anyway. So why not keep abreast of your credit score? Take the time to go through it in detail. If there is a discrepancy, call the 1-800 number on the back of your debit card and request to speak with identity-theft assistance services.
"That's free as well, so take advantage of it," said Mailloux, who owns a practice as a forensic accountant and has helped design identity-restoration services for credit card firms.
"Call the number on the back of your credit card or debit card, and they can refer you to free services where you can just ask general questions about how to protect yourself," she said.
The Canadian Anti-Fraud Centre also has a toll-free line and a victim assistance guide for consumers who suspect they have been defrauded.
Keep a close eye on the mailbox
If you receive statements by mail, be aware of your billing cycles. It may even be worth logging your bills as they come in and providing a padlock so a postal carrier can lock your mailbox upon delivering mail, lest your statements with your financial details fall into fraudsters' hands.
If expected mail doesn't arrive on time, look into it sooner rather than later, said Daniel Williams, a spokesperson with the Canadian Anti-Fraud Centre.
"You'll spot it way quicker than if you wait around until you smell the smoke and see the fire," Williams said. "Criminals are very clever at only redirecting one person's mail in a household so you might not notice the total volume going down to the point where it would be an issue."
Shop securely online
Stick to trusted online retailers when making purchases online with a credit card. Rob Goodfellow, a former Ontario Provincial Police superintendent who heads the private investigations firm Investigative Research Group, suggests consumers look for signs of secure payment such as PayPal or Verisign.
"I've had a PayPal account that's never been breached, and I always set up an individual account so if somebody does crack into it, they're only going to get my limited funds in there," he said. "Keep it outside your mainstream banking."
Goodfellow also warns shoppers never to make purchases on public or shared computers. Bit if you do, he said, remember to clear the cache and cookies.
Be smart about paper trails and passwords
Don't leave restaurant receipts on the table, and destroy documents you no longer need.
A paper shredder is a worthy investment, said Bruce Dorris, program director at the Association of Certified Fraud Examiners.
"Everyone should have at least a small one in their house," he said. "People will leave paper checks on their desk, but somebody can take one off the bottom and it's not readily identifiable. Be vigilant about your surroundings."
The same goes for passwords for computers and mobile devices. Dorris suggests changing passwords every month, or at least every three months.
Strong passwords may include a mix of numbers, upper- and lower-case letters and symbols.Suggest a correction