How to Respond to a Data Breach: A Step by Step Guide
1. Determine what was Stolen in the Data Breach
Sadly, we are used to seeing “DATA BREACH” in the news far too often. In light of the new wave of hacker threats, it’s important to have some base knowledge on what to do if you see a potential threat from a company’s data breach.
The first step is to determine the exact scope of the data loss. A quick google search can reveal the affected accounts.
Next, create a roadmap of response (this is what this guide attempts to accomplish to some degree). You can save yourself a lot of time in responding to a hack if you determine early on what is stolen and what is at risk. Two kinds of lost information exist for security breaches: sensitive data and non-sensitive data.
Non-sensitive information includes things like street addresses and names. This information is helpful for marketing professionals to use but it does not qualify as a true risk since your name and street address are already accessible through many apps and websites.
Sensitive information can range from medical information, social security numbers, credit card information, email addresses, online passwords, account numbers, and any kind of security information that may lead to hacker access to a bank account or information that enables hackers to apply for loans or make big purchases. Most people believe credit card information is the primary goal of the hacker. Did you know that only 26% of identity fraud cases are related to credit? The leading causes of identity theft include:
· Receiving medical care without insurance
· Tax Return Fraud
· Illegal aliens applying for jobs
· Criminals in hiding
· Sex offenders living where they are prohibited
All it takes is a name and social security number and hackers can pose as anyone. If you’ve determined that your social security number was stolen, then we suggest taking a quick look here.
2. Change All Affected Passwords if You’re Data Was Leaked
This is a no-brainer. If you know your password is compromised, then change your password to something strong and change all passwords for accounts that use the same password that was stolen. The majority of people use the same password for multiple sites so it’s important to change anything that could be affected. It’s important to have different passwords for all of your accounts which are linked to sensitive information. If this seems annoying, you can download a browser plugin like Dashlane, which manages all of your passwords. Create a very strong password for password managers since a single hack could compromise anything. Think more “(A3759!n()” and less “middlename123” (we’ve all done it).
I can’t speak for everyone here at Secure Identity Systems, but I personally use two-factor authentication to protect my accounts. Two-factor authentication requires a login pin which is texted to your personal cell phone every time you log in. If you don’t want a complicated password and you still desire increased security, this is the way to go.
3. Contact relevant financial institutions (Especially in the case of the Equifax Data Breach)
Every major bank has a customer service number printed on a debit credit card.
The easiest method for contact is to call the number on the back of the compromised card. Make sure you get in touch with a real person and ask the card issuer (Chase, Wells Fargo, Capital One, etc.) to alert you if it detects suspicious activity.
If you don’t alert your bank before fraudulent charges appear on your card you have two options. If a credit card is used, you have 60 days to submit a written dispute to the bank. The bank may say that you have a $50 liability, but you may be able to avoid all charges. If a debit card is stolen, you only have 2 business days after learning about fraud to tell the bank. Debit cards do’t have the protection of credit cards and they can have 10x the liability as a credit card. This means you may be liable for up to $500. Keep in mind, if you haven’t contacted the bank in the appropriate time window you may be on the hook for everything. This is one thing area where we cannot be procrastinators. Procrastination makes fraud incredibly dangerous.
4. Contact the credit-reporting bureaus
In America, fraud alerts are free. If you request an alert you will get a free credit report. You can request an alert via the web or by calling TransUnion (800-680-7289), Experian (888-397-3742), Equifax (888-766-0008), and Innovis (800-540-2505). All of them are legally required to contact the other if they receive an individual’s request for a fraud alert. In the case of the Equifax data breach, special instructions were provided by the breached agency.
You can also request a credit freeze to prevent damage to your identity. A credit freeze won’t allow credit reports and won’t allow additional accounts to open without your permission. Credit card freezes vary in cost, but they are fairly cheap at about $10. Keep in mind that a credit freeze can cause complications when you apply for credit cards or if you switch cell providers/cable providers.
5. Sign up for Total Identity Monitoring for proactive and reactive solutions to Identity Theft
Only 26% of confirmed identity fraud cases are related to credit. To catch the other 74% of identity fraud cases early, it is important to monitor both public and non-public databases. From the Dark Web to gun permits and utility records, Secure Identity System’s 1500 database scans have the ability to cover every corner of the digital world to ensure your safety. Secure Identity Systems robust solution also includes New Account Opening Alerts. If a line of credit or a new account is opened in your name, you get contacted immediately to verify that you approve and authorize the transaction. While some identity fraud companies merely monitor for suspicious activity, we proactively alert our customers when our advanced technologies suspect a hint of fraud. If one of our customers falls victim to identity fraud, we have a team of professional investigators and personal recovery advocates to make the necessary calls and fill out the required documents to return our customers to pre-theft status.
If you’d like to learn more about identity theft protection and data breach response technology, head on over to our Cyber Security for Individuals and Families page for additional information.
[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]