Responding to Identity TheftOctober 9, 2019
We often talk about what you can do to protect your digital identity from cybercriminals, but what happens if your identity is stolen in a data breach? Understanding the process can help you be prepared to respond to a breach and be more vigilant in protecting your critical business data.
As we have discussed in the past, there are many things you can do to protect your identity. Strong passwords, two factor authentication and knowing how to spot a phishing attempt are crucial to keeping your information safe. But sometimes, breaches are out of your control. When a large company is breached, your information could be compromised by no fault of your own.
Breakdown of a Breach:
Large or small, most breaches of a company’s data start with some form of human error. Someone in the company either clicked a link they shouldn’t have or were successfully phished. Once the company has been compromised, all their data, including your SSN, passwords or other PII, is then sold on the dark web. The highest bidder claims your information and they are free to start leveraging it however they wish.
It can take quite a bit of time to discover that your identity has been compromised. Sometimes months or even years if you are not alerted. Thankfully, there are tools that can scan and monitor the dark web and alert any time your information shows up for auction. Salvus uses ID Agent’s Dark Web Monitoring platform to keep an eye out for any client data that finds its way to the Dark Web auction houses.
In the time between the initial breach and when you discover your information has been compromised, the cybercriminals can do serious damage. It is not uncommon for credit cards to be opened and significant debt built up in the victim’s name. We have also seen incidents where the victim’s tax returns have been already filed and the criminal has claimed the refund checks. There are countless ways a cybercriminal can profit from your personal information; the key is knowing how to respond in this situation.
If you find that your data has become compromised during a breach, there are proactive measures you can take to mitigate the damage:
Report the crime. You should notify all the proper authorities based on the type of theft. If your taxes have been compromised, contact the IRS. If you find credit cards have been opened in your name, notify local police, financial institutions as well as the FTC. You should also notify your IT team as soon as possible.
Regularly check your credit reports and statements for anything unexpected or strange. If you notice a new line of credit or charges you did not make, follow up right away. Major credit agencies can put a fraud hold on your name that will prevent any new accounts from being opened.
Confirm what personal information was breached. When a large entity is breached, they will typically report what types of PII were compromised. If it was usernames and passwords, you should consider updating your credentials. If it was SSNs or other sensitive PII, make sure you follow up with all financial and government entities for recommendations.
Contact the company that was originally breached. It is not uncommon for major companies to offer credit monitoring or other assistance to victims of their breach. Take full advantage of any like offers.
File your taxes early. This not only keeps you from rushing to finish your taxes before the deadline, it also limits the amount of time a scammer can use your exposed SSN.
Document everything throughout the process. Names, phone calls, emails and letters can all assist in establishing a legal basis and could assist in disputing any future fraud.