With the increasing occurrence of data breaches, it’s generally only a matter of time before you receive a notice in the mail or find out online that a vendor you use has been breached and your sensitive information has been compromised.
It’s a helpless feeling when you first hear about a breach, especially because many companies don’t find out about one until months after it’s happened. So, by the time you find out, your data could’ve long been for sale on the Dark Web or your network compromised by exposed login credentials.
For example, customers of popular logo item site Café Press received notifications by mail in September of 2019 of a major data breach that exposed the sensitive information of approximately 23 million accounts, including SSNs and/or Tax ID numbers. The letter stated that the breach most likely occurred on February 19, 2019 – over 6 months prior.
It takes 197 days on average for companies to identify a data breach, and 69 days to contain it.
Vendor management is difficult enough, without throwing data breaches into the mix. So, beyond being upset and frustrated, what can you do when your personal or company information has been compromised by someone else?
Read on for the important steps you can take to protect yourself and your business.
Steps to Take When Your Personal Data Has Been Exposed
While you can’t stop a vendor’s breach from happening, there are things you can do to protect yourself once you’ve been notified and help minimize the damage. Here are some of the key steps you’ll want to take.
Find Out the Extent of the Breach
The first thing you want to do is identify what information has been breached. Was it your email and password login? Your social security number or credit card number? Not all vendors will be as forthcoming with details up front, so you may need to ask.
Larger companies, like Target and Marriott (who’ve both had customer records breached), will generally provide more detailed information via notification email or letter and on their website.
But a smaller business that’s had a data breach, may not realize what a breach notification should include, so you may need to ask them what details have been breached or what could’ve potentially been exposed, if they’re not sure.
Your next steps will be based upon the type of information that’s been breached. For example:
- Credit card number or bank account details
- Login credentials
- Name, address, phone number
Credit Card/Bank Detail Exposure
For a breach of your credit card number or bank account details, you’ll want to immediately contact your credit or debit card issuer to have your card deactivated and a new one issued. Many banks now give you the option to do this yourself directly from a mobile banking app or on their website.
For bank details, you’ll want to contact your bank to let them know of the breach and ask them if there is anything that you should do on your end to protect your account.
You’ll also want to carefully monitor your accounts and look back through older transactions (to the date the vendor believes the breach happened) for anything suspicious.
When your social security number is exposed, it means crooks can sign up for accounts and loans in your name using your SSN without you even knowing about it.
For this type of breach, you’ll want to contact the three credit agencies:
You can have them put a security freeze on your credit files. What this does is prevent new inquiries into your credit report, and most creditors won’t issue new credit without seeing that. This also means it will be frozen should you need to open an account, so you’ll need to contact them again to remove the freeze. This won’t catch every use of your SSN but will help for most legitimate creditors.
You can also request a free copy of your credit report once a year from the three credit agencies. The reports will show a summary of your credit history, so if you see a strange lender listed, you’ll know that your SSN is most likely being used by someone else.
Login Credential Exposure
If your username and password have been compromised, immediately change that password on the vendor’s website. Although it’s not good password practice, many people use the same password for multiple logins, so if that password is used anywhere else, then also change those logins.
If you can, it’s best to enable two-factor authentication on any applications or websites that offer it. Those few seconds more it takes to login pays off in security because even with your password, a hacker can’t gain access.
Name, Address, Phone Number Exposure
If details that are already publicly available are the only things exposed, then you can breathe a sigh of relief. If your vendor knows that 100% nothing else was compromised, then you may not need to take any further action, other than asking what precautions your vendor is taking to prevent a breach from happening again.
Find Out if the Vendor is Offering Any Protections
Many larger companies will offer a short-term credit monitoring service for free after a breach. In the case of Café Press, they offered customers 2 free years of membership in an Experian credit monitoring service. Of course, that means giving your personal data over to another vendor, so you’ll have to weigh the pluses and minuses.
How’s Your Customer Data Security?
No company wants to be the vendor that has to notify their customers of a breach. Technology Visionaries offers a FREE security assessment so you can ensure your data security is rock solid.
Schedule your free security assessment today by calling 732-587-5960 or contacting us online.