Translate

Monday, October 1, 2012

What to Do If You're a Data Breach Victim

Up to 20 million Americans may become victims of a data breach this year, in one or more of an estimated 400 incidents. That's if trends that marked the halfway stage for the year are anything to go by -- 220 breaches of data, affecting more than 12 million people, at the end of August 2012. A data breach happens when a hacker gains access to a computer that contains personal records of individuals, or a disk or other device containing records is lost or stolen. 

These may be stored by a business or other organization -- a hospital or bank for instance -- and the records may hold information ranging from simple contact details like home or email addresses, to highly sensitive and confidential information like credit card numbers and health records. Hacking is not a rare event. In a recent survey by both Norton and McAfee, an incredible 90% of the 600 businesses polled said they'd been hacked. Fortunately, these cyber break-ins don't always find personal records. Or, if they do, they're often not used for identity theft, it only the rare instance that victims actually get their ID stolen by the hacker. 

In fact, according to a report by Carnegie Mellon University, the likelihood of becoming an ID theft victim if your details are accessed through a breach of data is around +/-2%. And the online encyclopedia, Wikipedia, (where by the way, I have an account with them as well) claims that in one of the worst-ever breaches of data, only 1,800 of the 4 million records affected actually led to ID theft. But still, with the sort of numbers seen so far this year, everyone whose records are online is potentially vulnerable to a data breach. 

Heres some Options for Data Breach Victims:
That raises the question of what you should do once you learn you're a victim. First, it's important to know that most states require organizations whose data is stolen to send out a data breach notification to all victims. At the time of writing, a few still don't. (You can check which ones in States with Laws Requiring Consumer Notification of ID Theft -- though we can't vouch for its accuracy). Note: What's important is the state where the breach of data occurred is based, not where you happen to live. And, of course, even in states where notifying you is not mandatory, most firms accept the moral obligation to send out a data breach notification. 

What you do next depends on the severity of the incident and the willingness of the organization and others to help you. Bearing this in mind, here's a countdown of actions you should either take or consider:
  1. First, check if the notification you received is genuine. Sounds obvious doesn't it? But that letter or email you got could be bogus -- from a crook trying to get you to give away key personal information. Before taking further action, check online for reports of a data breach or, if necessary, contact the organization (using their phone directory listing, not the number on the notification) to ensure it's legit. 

  2. Assuming it's genuine, establish exactly what sort of information has been disclosed since that will dictate what you do next. The data breach notification may tell you exactly what's been stolen but, more likely, they'll say data has been compromised and they're not even sure if you're among the victims or precisely what information has been accessed. In that case, assume the worst. If the organization has your credit card info, assume the thieves now have it. 

  3. Establish what help the organization plans to give you. Mostly, they're not legally obliged to do anything beyond notifying you, but these days many offer to pay for services that monitor your credit records to see if anyone's using your details.


If this service is offered to you, take it.
If the firm doesn't make the offer, ask them. Usually, the data breach notification letter will contain a helpline number you can call, or contact their main number. And as a matter of routine, you should take the following steps:
  • Change, delete and replace any email addresses the organization may have used for you. 

  • Change passwords you may have used with them. That is, obliterate every single usage of the password, even with organizations not connected with the incident.
Incidentally, hackers sometimes just steal information for the heck of it and then release the email addresses and passwords to show what they've done. This is their way of bragging over their deeds. 

You can check your email addresses against these publicly released lists at ShouldIChangeMyPassword.com (again, we can't vouch for the accuracy or security of this site, though the operators insist they do not store any information you input).
  • Monitor media coverage of the data breach to ensure you're up-to-date with the scale and nature of the incident. 

  • Double up on your phishing vigilance.
As I stated in #1 above, once someone has your email or postal address they may contact you asking for information, posing as the organization that suffered the data breach. So, even if you know there's been a data breach, don't just give out information about yourself in response to a letter. Check it carefully. Hacked organizations aren't likely to ask you for any confidential information anyway. They already have it.
  1. Now for some specifics for more serious data breach theft. If any financial information or your Social Security number have been stolen, here are some actions you can take:
  • Ask the bank to notify you of any suspicious activity conducted in your name. 

  • Put a fraud alert on your credit records. This will flag-up a warning sign if anyone tries to gain credit using your name.
Most credit issuers, including retailers and card companies, always check these reports before allowing credit. The credit reporting agencies won't necessarily tell you when this happens but it will make your account information worthless to the crooks for opening new accounts. For information about creating a fraud alert, see this guidance from the Federal Trade Commission (FTC), DEFEND: Recover From Identity Theft..
  • Keep close tabs on your credit card and bank accounts to detect any unusual activity -- daily if you monitor them online. 

  • If you're really worried, consider asking your bank and/or credit card company to cancel your accounts and open new ones, issuing new cards.
The Golden Rule:
A couple more things to know:
First, the theft of your Social Security number is potentially the most harmful since you can't just cancel your SSN and get another one.

Second, if your information is stolen in a data breach, you must be vigilant for a long time. Stolen financial data, like credit card numbers, are traded in the criminal black market and take years to be used. 

And finally, the golden rule: Assume your personal information will one day be stolen in a data breach, because it probably will, so be careful how you spread those details around!
-Birdy
Posted by at
Labels:

No comments:

Post a Comment

Please be considerate of others, and please do not post any comment that has profane language. Please Do Not post Spam. Thank you.

Subscribe to: Post Comments (Atom)
Powered By Blogger

Labels

Abduction (2) Abuse (3) Advertisement (1) Agency By City (1) Agency Service Provided Beyond Survival Sexual Assault (1) Aggressive Driving (1) Alcohol (1) ALZHEIMER'S DISEASE (2) Anti-Fraud (2) Aspartame (1) Assault (1) Auto Theft Prevention (9) Better Life (1) Books (1) Bribery (1) Bullying (1) Burglary (30) Car Theft (8) Carjackng (2) Child Molestation (5) Child Sexual Abuse (1) Child Abuse (2) Child Kidnapping (3) Child Porn (1) Child Rape (3) Child Safety (18) Child Sexual Abuse (9) Child Violence (1) Classification of Crime (1) Club Drugs (1) College (1) Computer (4) Computer Criime (4) Computer Crime (8) Confessions (2) CONFESSIONS (7) Cons (2) Credit Card Scams (2) Crime (11) Crime Index (3) Crime Prevention Tips (14) Crime Tips (31) Criminal Activity (1) Criminal Behavior (3) Crimm (1) Cyber-Stalking (2) Dating Violence (1) Deviant Behavior (6) Domestic Violence (7) E-Scams And Warnings (1) Elder Abuse (9) Elder Scams (1) Empathy (1) Extortion (1) Eyeballing a Shopping Center (1) Facebook (9) Fakes (1) Family Security (1) Fat People (1) FBI (1) Federal Law (1) Financial (2) Fire (1) Fraud (9) FREE (4) Fun and Games (1) Global Crime on World Wide Net (1) Golden Rules (1) Government (1) Guilt (2) Hackers (1) Harassment (1) Help (2) Help Needed (1) Home Invasion (2) How to Prevent Rape (1) ID Theft (96) Info. (1) Intent (1) Internet Crime (6) Internet Fraud (1) Internet Fraud and Scams (7) Internet Predators (1) Internet Security (30) Jobs (1) Kidnapping (1) Larceny (2) Laughs (3) Law (1) Medician and Law (1) Megans Law (1) Mental Health (1) Mental Health Sexual (1) Misc. (11) Missing Cash (5) Missing Money (1) Moner Matters (1) Money Matters (1) Money Saving Tips (11) Motive (1) Murder (1) Note from Birdy (1) Older Adults (1) Opinion (1) Opinions about this article are Welcome. (1) Personal Note (2) Personal Security and Safety (12) Porn (1) Prevention (2) Price of Crime (1) Private Life (1) Protect Our Kids (1) Protect Yourself (1) Protection Order (1) Psychopath (1) Psychopathy (1) Psychosis (1) PTSD (2) Punishment (1) Quoted Text (1) Rape (66) Ravishment (4) Read Me (1) Recovery (1) Regret (1) Religious Rape (1) Remorse (1) Road Rage (1) Robbery (5) Safety (2) SCAM (19) Scams (62) Schemes (1) Secrets (2) Security Threats (1) Serial Killer (2) Serial Killer/Rapist (4) Serial Killers (2) Sexual Assault (16) Sexual Assault - Spanish Version (3) Sexual Assault against Females (5) Sexual Education (1) Sexual Harassment (1) Sexual Trauma. (4) Shame (1) Sociopath (2) Sociopathy (1) Spam (6) Spyware (1) SSN's (4) Stalking (1) State Law (1) Stress (1) Survival (2) Sympathy (1) Tax Evasion (1) Theft (13) this Eve (1) Tips (13) Tips on Prevention (14) Travel (5) Tricks (1) Twitter (1) Unemployment (1) Victim (1) Victim Rights (9) Victimization (1) Violence against Women (1) Violence. (3) vs. (1) Vulnerable Victims (1) What Not To Buy (2)