If you’ve been following the EmailMeForm blog, you know that we typically share content directly relevant to small business owners. Today, we are going to take a different route and speak to you as a consumer, sharing information about how to handle a data breach.
Why? Because we take online security seriously. No catch, no secret sauce. We just want you to have this remedy for a data breach, although we hope that you never need it!
Picture this. You’ve just worked all day. You arrive home and check your mailbox. In it, you find a letter from a company that you do business with that they were hacked. Now, your personally identifiable information is in the hands of the hackers.
What do you do?
The fact is that swift action can help to disarm the bad guys who stole your information. While the fact will remain that they will hold your data in their greedy little hands, you can minimize their opportunities to use your info to make purchases, take out loans, or open credit card accounts.
Data Breach Overview
For those who might not understand why your personal data is so attractive to a scammer, let’s start with some basics.
What is a data breach?
A data breach is an occurrence during which confidential or sensitive data is compromised or stolen from an organization with neither their authorization nor their knowledge. Some of the most harmful data hackers can take include the following:
- Social security numbers
- Driver’s license numbers
- Credit card numbers
- Banking or financial account data
- Demographic data
- Statistical information
Why do hackers value your data?
Once a hacker has this personal data, they are able to use it in a variety of ways. They could sell it on the dark web, hold it and demand you pay a ransom, or use it for obtaining loans or credit cards.
Hacking is a crime of opportunity. If the data is there, the hacker will take it without a second thought.
Virtually no company is immune from a data breach. Companies continuously work to keep a step ahead of the latest hacking trends.
Notable data breaches so far in 2019
To give you a better picture of exactly how far and widespread this problem is, here are five of the most significant data breaches so far this year.
- Wyzant, a trendy web-based tutoring service, announced a data breach of registered users’ confidential information in May of 2019. The extent of the breach remains under an investigation.
- Microsoft Hotmail, MSN, and Outlook emails were exposed to hackers in April of 2019.
- The Atlanta Hawks NBA team had a breach of their e-commerce site, exposing the names, birth dates, and credit card data of those who purchased tickets on their website during a specific period.
- Hackers breached Georgia Tech’s records of employees, students, and past student applicants in April of 2019, gathering names, dates of birth, social security numbers, and addresses.
- Citrix employee data was leaked in March of 2019, including employee social security numbers.
These breaches exposed the personally identifiable information (PII) of millions of users. As you can see the list, these are not small players. Each of these incidents involved a reputable organization who thought they had protected their users.
9 Actions to Take if You Receive a Notice of a Data Breach
If you do business with a company which suffers a data breach, they will notify you in writing by email, letter, or both.
It’s imperative that you spring into action right away. In some cases, the data breach is not detected immediately, so the bad guys have already got the benefit of a head start on you.
Here are some actionable tips you can take to minimize the collateral damage after your personally identifiable information is “out there.”
If your email data is compromised, be alert to the increased potential for phishing scams. It’s likely that your email address is circulating around the dark web, leaving you exposed to scams Report any unusual email activity and never open up questionable emails.
Take the time to change your passwords on all sensitive accounts. From social media to banking to email, you are wide open to further damage if you don’t create strong passwords right away.
If you have the option of setting up Multi-Factor Authentication, that will make data security even tighter. Multi-Factor Authentication requires you to first enter a password, receive an SMS (text message) or email PIN, then enter that number into the system to unlock it. It is added protection that you need right now!
Be wary of trusted companies
Even if you do conduct legitimate business with a company—like a bank or e-commerce retail store—second guess emails that request information.
If your bank, for example, has never emailed you requesting updated information in the past, you should be particularly suspicious if you receive this type of email. Contact that company directly to inquire whether or not they sent the request.
If they did not request this, report the attempted fraud.
Keep an eye on your bank accounts
Review your bank accounts, with an eye towards unauthorized purchases. Report any spending that is not familiar to your bank. Sign up to receive a daily balance alert by SMS directly to your (locked and secured, please) cell phone.
Call your credit card company
If your notice informs you that your credit card is exposed, contact that financial institution immediately.
They can deactivate your cards and reissue brand new account numbers, rendering the old card numbers useless. Document the date and time of the call and the name of the representative who spoke with you, in case you need it to dispute fraudulent charges in the future.
While the credit card company might not mandate this, be sure to set a new PIN when your new card arrives.
Notify the DMV
Should your driver’s license data be stolen, contact your state’s Department of Motor Vehicles. Solutions to this scenario vary from one state to another, but a driver’s license is a valuable document on the dark web.
Accept any free assistance offered
Post-breach, some larger companies will offer you a remedy of free credit monitoring. Accept it! You will receive alerts by your choice of text message or email (or both) if anything shady blips onto the credit bureau’s radar.
This timely alert system gives you time to respond rapidly to any fraudulent activities.
Contact the credit bureaus
Reach out to the three primary credit bureaus, Equifax, Experian, Transunion to get copies of your most current credit reports and review them for fraud. Let them know what data (social security number, date of birth, driver’s license, etc.) the hackers stole. They can also (upon request) document the fraud and make it challenging for hackers from taking out fraudulent loans or applying for any accounts using your data.
On a side note, Experian and Equifax have both experienced data breaches of their own, so they know firsthand the struggle you’re going through. They will work with you to lock out criminals!
Be vigilant about online security
Finally, be vigilant about online safety. This should be a daily practice, but be more alert after a data breach. Only visit trusted websites with SSL protocol (https://) and don’t overshare information on social media.
Okay, we know our readers already know this, but it’s worth restating!
EmailMeForm: Passionate About Data Security
You are a savvy business owner, and you want to do the right thing for your clientele. We are as passionate about data security as you now are!
Protect your customers from the same harrowing experience of cleaning up the mess unleashed after a data breach by locking your customer payment information up in the EmailMeForm Vault.
When you opt for EmailMeForm, you’re partnering with a PCI-certified company whose top priority is customer data security. And, when you store your customer data in the Vault, you will be required to set up Multi-Factor Authentication, an added layer of protection.