Recovering From A Mega Breach - First Steps

June 1, 2018

Equifax, Target, JP Morgan Chase, Home Depot, Saks Fifth Avenue – the list of mega corporate hacks goes on and on, and on. A total of 396.5 million identities were impacted across these five corporate giants alone. It seems no one is safe from having data stolen, and that’s exactly how it is. It’s now safe to assume your private information is out there for the taking – birth date, Social Security Number, name and address, debit and banking account numbers, and much more. Unfortunately, if it is out there, it’s likely in the hands of nefarious hackers looking for a payout. Short of throwing your devices off the nearest bridge, there are steps you can take to cut your losses. When the next huge hack hits, it’s time to (gulp) find out if your data is out there and how to fight back.

When simply having an Uber account (57 million victims) can throw your identity into a cyber tizzy, the best defense is a good offense. There are websites dedicated to helping you find out if your data is available somewhere after a mega breach – perhaps for sale on the Dark Web. Having a personal breach recovery plan is growing in popularity as a way to minimize damage once your data is out there. First, you have to find out if you are one of the countless victims. Second, you must take immediate action if you are. Below are suggestions for finding out if your data was stolen, and what to do next if the answer is yes. If you’re fortunate enough to remain unscathed, keep them in mind for the next big breach. You know it’s just a matter of time.

Are You a Victim?

  • Don’t wait for official notification about your account from the breached company. Breach notification laws vary between states, with differing rules on how quickly you can expect to be notified. Learning about it through the media is good enough reason for concern. If you hear of a breach at a company with which you interact, contact them to find out more.
  • Experian Credit Monitoring offers its own free Dark Web scan (particularly useful since 145+ million Equifax customers had their data heisted). Check it out to see if your information is listed.
  • HaveIBeenPwned.com is a tested and trusted site that checks whether your email address and other data appear in known breaches.

Victims Take Action!

  • Immediately change your password for the breached account(s). If you’re like many of us who reuse passwords (despite knowing better), change the password on every other account sharing the same one. Password reuse catches many of us out because we don’t change the shared passwords.
  • Create a fraud alert with one of the big three credit monitoring bureaus (TransUnion, Experian, Equifax). The information is sent to the remaining two bureaus and all three monitor your credit accounts. They alert you to any suspicious or unauthorized activity and may keep new accounts from being opened with your information. Check with the individual bureaus for more details.
  • Go to annualcreditreport.com for free copies of your credit reports. Federal law requires that they be provided to you at this site at no charge.
  • Notify appropriate financial institutions that your data has been breached. Follow up in writing with certified letters to them about your situation. As with all breach communications sent through the mail, always get a return receipt.
  • Go to the FTC website to file a federal identity theft report at IdentityTheft.gov. They develop a personal recovery plan for you, provide updates and progress reports, and even help with filling out forms.
  • File a report with your local law enforcement department. Involving them early can be beneficial to your recovery.
  • Keep extensive records of all phone, electronic, and paper files related to your breach and finances. It’s likely at some point you’ll need to reference or provide them as proof.

Stickley on Security