Did you recently get a notice that says your personal information was exposed in a data breach? Did you lose your wallet? Or learn that an online account was hacked? Depending on what information was lost, there are steps you can take to help protect yourself from identity theft.
- Be extra careful about emails and attachments. Avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from any company connected to a data breach.
- Use two-factor authentication. Two-factor authentication (2FA) adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that's considered single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account.
- File your taxes promptly. While thieves may use stolen information to create fraudulent bank accounts, they may also use it to file fraudulent tax returns. File your taxes as soon as you have the tax information you need and respond promptly to letters sent to you by the IRS. Note that the IRS will never communicate with you via email, so watch out for this type of fraud and don’t open emails purporting to be from the IRS.
- Check your credit card accounts often. Reviewing your recent account activity is fundamental to credit card safety, and it’s easy. You can do it online or by phone. If your credit card issuer offers email or text alerts about unusual activity, sign up to receive them.
- Monitor credit reports. Check your credit report for any accounts that crooks may have opened in your name. Credit reports are available for free, from each of the three national credit reporting agencies — Equifax, Experian and TransUnion — every 12 months from http://www.AnnualCreditReport.com. Some monitoring services and credit card companies now allow you unlimited access to credit information, so you could theoretically check every day.
- Order specialty free reports outside of the big three credit reporting agencies. Specialty reporting companies may disclose information that can help prevent fraudulent accounts and other identity theft crimes:
LexisNexis Full File Disclosure. It’s one of the more comprehensive databases out there, containing all the information LexisNexis gathers to create its various reports about you. And, like credit reports, you can order one free copy per year. Please visit: https://personalreports.lexisnexis.com/access_your_full_file_disclosure.jsp
Complete List: For a complete list, please visit the Consumer Protection Financial Bureau at: http://files.consumerfinance.gov/f/201604_cfpb_list-of-consumer-reporting-companies.pdf
What to do if you suspect credit card fraud. Call the bank or financial institution that issued your card immediately. Your issuer may want to cancel your current card and issue you a new one. Check with your issuer to verify that your mailing address has not been changed.
If you still have your card but fraudulent purchases have been made, call your issuer to report the fraud and request a new card. Also, contact the credit bureaus to let them know that fraud has occurred. A "Fraud Alert" message will be placed on your file. You should also request a copy of your credit report and review it carefully.
The following information explains how to protect against potential data breaches.
- CONSIDER ANOTHER WAY TO PAY - Try newer ways to pay, such as PayPal or Apple Pay. Any technology that keeps your credit card out of your hand in a store is safer. Those services store your credit card information, and it's not given to the retailer when you make a payment. Stored-value cards or apps, such as the ones used at coffee chains Starbucks and Dunkin Donuts, are also a safer bet, because they don't expose credit card information at the register.
- SIGN IT, DON'T PIN IT - If you're planning on paying with a debit card, sign for your purchase instead of typing in your personal identification number at the cash register. You can do this by asking the cashier to process the card as a credit card or by selecting credit card on the display. Not entering your PIN into a keypad will help reduce the chances of a hacker stealing that number too. Crooks can do more damage with your PIN, possibly printing a copy of the card and taking money out of an ATM.
- BEWARE OF EMAIL SCAMMERS - After big data breaches are exposed, and get a lot of media attention, scammers come out of the woodwork looking to steal personal information. Some emails may mention the latest breach or offer free credit monitoring, but you should never click on the links. Many are for fake sites that try to steal personal information or passwords.
- KEEP UP WITH CREDIT CARD ACTIVITY - Review credit card activity often for any unauthorized charges. And keep an eye out for smaller charges. Thieves will charge smaller amounts to test to see if you notice and then charge a larger amount later. They may also steal a small amount from millions of accounts, scoring a big payday. Also, take advantage of the many alert features that credit card companies offer today.
- MONITOR CREDIT REPORTS - Check your credit report for any accounts that crooks may have opened in your name. Credit reports are available for free, from each of the three national credit reporting agencies — Equifax, Experian and TransUnion — every 12 months from http://www.AnnualCreditReport.com. Some monitoring services and credit card companies now allow you unlimited access to credit information, so you could theoretically check every day.
For Small Businesses:
- Keep Only What You Need. Reduce the volume of information you collect and retain to only what is necessary. Minimize the places you store personal data. Know what you keep and where you keep it.
- Destroy Before Disposal. Cross-cut shred paper files before disposing of private information. Also destroy CDs, DVDs and other portable media. Deleting files or reformatting hard drives does not erase data. Instead, use software designed to permanently wipe the drive, or physically destroy it.
- Safeguard Data. Lock physical records in a secure location. Restrict access to employees who need to retrieve private data. Conduct employee background checks and never give access to temporary employees or vendors.
- Update Procedures. Do not use Social Security numbers as employee ID or client account numbers. If you do so, develop another ID system now.
- Establish Password Management. A password policy should be established for all employees or temporary workers who will access corporate resources. In general, password complexity should be established according to the job functions and data security requirements. Passwords should never be shared.
- Secure All Computers. Implement password protection and require re-logon after a period of inactivity. Train employees to never leave laptops or PDAs unattended. Restrict tele-working to company-owned computers and require use of robust passwords that are changed regularly.
- Control Use of Computers. Restrict employee use of computers to business. Don't permit use of file sharing peer-to-peer websites. Block access to inappropriate websites and prohibit use of unapproved software.
- Keep Security Software Up-To-Date. Keep security patches for your computers up to date. Use firewalls, anti-virus and spyware software; update virus and spyware definitions daily.
- Encrypt Data Transmission. Mandate encryption of all data transmissions. Avoid using Wi-Fi networks; they may permit interception of data.
- Manage Use of Portable Media. Portable media, such as DVDs, CDs and USB "flash drives," are more susceptible to loss or theft. Allow only encrypted data to be downloaded to portable storage devices.
- Establish an Approval Process for Employee-Owned Mobile Devices. With the increased capabilities of consumer devices, such as smart phones and tablets, it has become easy to interconnect these devices to company applications and infrastructure. Use of these devices to interconnect to company email, calendaring and other services can blur the lines between company controls and consumer controls. Employees who request and are approved to have access to company information via their personal devices should understand and accept the limitations and controls imposed.
- Govern Internet Usage. Most people use the internet without a thought to the harm that can ensue. Employee misuse of the internet can place your company in an awkward, or even illegal, position. Establishing limits on employee internet usage in the workplace may help avoid these situations. Every organization should decide how employees can and should access the web. You want employees to be productive, and this may be the main concern for limiting internet usage, but security concerns should also dictate how internet guidelines are formulated.
- Manage Email Usage. Many data breaches are a result of employee misuse of email that can result in the loss or theft of data and the accidental downloading of viruses or other malware. Clear standards should be established regarding use of emails, message content, encryption and file retention.
- Govern Social Media. All users of social media need to be aware of the risks associated with social media networking. A strong social media policy is crucial for any business that seeks to use social networking to promote its activities and communicate with its customers. Active governance can help ensure employees speak within the parameters set by their company and follow data privacy best practices.
- Oversee Software Copyright and Licensing. There are many good reasons for employees to comply with software copyright and licensing agreements. Organizations are obliged to adhere to the terms of software usage agreements and employees should be made aware of any usage restrictions. Also, employees should not download and use software that has not been reviewed and approved by the company.
- Report Security Incidents. A procedure should be in place for employees or contractors to report malware in the event it is inadvertently imported. All employees should know how to report incidents of malware and what steps to take to help mitigate damage.
How Data Breaches Occur
- Lost or stolen laptops, computers or other computer storage devices
- Backup tapes lost in transit because they were sent neither electronically nor with a qualified human escort
- Hackers breaking into systems
- Employees stealing information or allowing access to information
- Information bought by a fake business
- Poor business practices - for example sending postcards with Social Security numbers on them
- Internal security failures
- Viruses, Trojan Horses and computer security loopholes
- Information tossed into dumpsters - improper disposition of information
What information was lost or exposed?