by Shannon D. Smith, PLLC, Attorney at Law
Your Personal Information Has Been Compromised!
Now what? After a long day at work, you pull up to the mailbox, retrieve the mail, and notice an unusual envelope. Inside there is a notification that the local school or a former employer (with which you have had no association for several years) has had a data breach, and your personal private information has been compromised. They offer a year of free credit monitoring and identity theft protection. Does that solve the problem? What do you do next?
Is credit monitoring and identity theft protection a good idea? Yes. Does that solve the problem by itself? Hardly. Here are ten first steps you can take to help you on your way. These are certainly not exhaustive and not intended as legal advice, but will help get you started when you feel unsure what to do next. (1) First, if not specifically stated, find out exactly what data of yours was exposed. Such a letter or email is often intended to notify a large, sometimes diverse, group of people and might not provide the information necessary to evaluate and mitigate the specific risks to you individually. General information should be included in the letter and a form of contact should be provided. Submit your request for specific information in writing, via email or letter, and keep any response for your records. This will help you evaluate where to focus your efforts on preventing and/or curtailing resulting damage.
(2) Start a folder for keeping records related to the data breach. This may be hard copy or digital, but having records in one easily accessible location helps keep them organized and helps minimize time and effort necessary for dealing with the breach. Be sure to include documentation of your time and effort spent dealing with the breach, as you could eventually become entitled to compensation for the same. (3) Review your banking, credit card, and phone records for unauthorized charges or access. Even if information about these accounts was not directly compromised by the breach, any personal private information, particularly a social security number combined with a date of birth, can be a gateway to reverse engineering access to additional private information. (4) Review email for indications of attempted unauthorized access to online accounts. Be sure to notice emails that indicate a wrong password was entered, an attempt was made to change your password, or other changes or updates were made.
(5) Change your passwords, all of them. Yes, this is a pain, and time consuming, but data breaches frequently involve cyber criminals adept at reverse engineering access to online accounts by piecing together information from different sources. For example, a cybercriminal who gains access to an individual's name, address, date of birth, and social security number might be able to gain access to government records online through brute force hacking of the individual's passwords. This leads us to number six.
(6) Use difficult to hack passwords. Passwords that contain real words and easily guessed numbers, such as a child's name and a birth date, are easily hacked. Furthermore, passwords using real words are easily hacked by brute force password crackers (such as Hydra, for example).
(7) Be sure to enable two-factor authentication for verification for access to online accounts. Then test it. (8) Be thorough. Do not overlook smaller accounts. Sometimes targets with lower perceived value are easier to hack, but gain cyber criminals access to additional useful information. (9) Be vigilant. When does the threat of harm from such a breach end? It is difficult to say. Continue to be watchful for fraud involving your information. Be watchful for bills for medical care you did not receive, unusual financial inquires or accounts established in your name, unauthorized banking, credit card, or phone charges, and solicitation emails containing more than usual personally identifiable information. (10) Know your rights. While most institutions who become aware of a data breach will at a minimum offer credit monitoring and identity theft protection, victims of the data breach may also be entitled to compensation for losses incurred and time spent dealing with the breach.
Comments