InfoSec Blog - What Do I Do After a Breach?


October 13, 2017

With the announcement of the Equifax data breach last month, over 143 million people became sitting ducks for fraud. The full effect of this breach will take years to be calculated, but there was an immediate impact to the stock market, the company's brand, their management, and it resulted in billions of dollars in lawsuits. For those affected by the breach, they are left wondering what to do now. The graphic below provides a good guide on what steps you should take if you have been affected by a data breach.


WHAT TO DO FTER A BREACH   WHEN YOU HEAR ABOUT A DATA BREACH AT A COMPANY YOU DO BUSINESS WITH:  1  Change your login information on accounts with the affected company. If you used that same user name or password on other sites, change those, too.  L   n   *  r2  L  Monitor any financial accounts associated with the breach for fraud. (Say, the credit card you used at a breached retailer.) Your liability may depend on how quickly you spot and report suspicious transactions.   •  r  3   Watch out for phishing attacks. Thieves often use news of a breach to generate new attacks, posing as the affected company to trick consumers into giving up personal information.   i^  r 4   Take advantage of any free credit monitoring offered by the affected company, to catch new accounts opened in your name.   5  Place a free fraud alert on your file with the three credit reporting companies: Equifax, Experian and TransUnion. The renewable, 90-day alert requires lenders to verify your identity before issuing credit, making it tougher for someone to open new accounts in your name.  A more extreme measure: A credit freeze, which prevents anyone — including you — from obtaining new credit. Depending on your home state and circumstances, you may pay a small fee each time you place or lift the freeze.    K  BREACH  RISK METER  Based on what information was compromised, how worried should you be?    INFORMATION:   Your email address or phone number may not be valuable on its own, but be on the lookout for phishing emails and calls. Criminals use these tactics to try to get more sensitive personal information.  CREDIT CARD NU   Chip and PIN technology makes it tougher for thieves to generate fraudulent transactions. There's a hassle factor for monitoring the account and alerting your issuer. But federal law limits cardholders' fraud liability at $50, and banks usually waive even that.   DEBIT CARD NUMBER:      Liability can be capped at $0, $50, $500 or more, depending on how quickly you report the theft. It can take days for the bank to reimburse stolen funds, putting you at risk for overdrafts and bounced checks.  ACCOUNT LOGIN AND PAS  Depending on the account, there can be a lot of opportunities for fraud, either directly (draining a bank account) or indirectly (mining email for sensitive data like your bank details or Social Security number). The danger multiplies if you use the same compromised login combo for other important financial or email accounts.   SIGN ON     SOCIAL SECURITY NUMBER:    With an SSN, criminals can impersonate you, generating new loans and credit accounts, medical debts, faux tax returns and criminal records.  SOURCES: CNBC.COM


Written by: Hanna Guan (Cyber Security Analyst, Information Security)
Image Source: CNBC