Loading...

After a Breach… Now What?

Published: February 11, 2015 by Guest Contributor

The news of the latest breach last week reported that tens of millions of customer and employee records were stolen by a sophisticated hacker incursion. The data lost is reported to include names, birth dates, Social Security numbers, and addresses.

The nature of the stolen data has the potential to create long-term headaches for the organization and tens of millions of individuals. Unlike a retailer or financial breach, where stolen payment cards can be deactivated and new ones issued, the theft of permanent identity information is, well, not easily corrected. You can’t simply reissue Social Security numbers, birth dates, names and addresses. What’s more, the data likely includes identity data on millions of dependent minors, who are prime targets for identity thieves and whose credit goes frequently unmonitored.

According to the Identity Theft Resource Center’s 2014 Data Breach Report, a record 783 breaches, representing 85 million records, occurred from January through September 2014 alone. The breaches have ranged across virtually every industry segment and data type.

So where does all this breached data go?

It goes into the massive, global underground marketplace for stolen data, where it’s bought and sold, and then used by cybercriminals and fraudsters to defraud organizations and individuals. Like any market, supply and demand determines price, and the massive quantity of recent breaches has made stolen identities more affordable to more fraudsters, exacerbating the overall problem. In fact, stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company.

The big question: So what now?

The answer: Assume that all data has been breached, and act accordingly.

Such a statement sounds a bit trivial, but it’s a significant paradigm shift. It’s a clear-headed recognition of the implications of the ongoing, escalating covert war between cybercriminals and fraudsters, on one side, and organizations and consumers on the other.

For individuals, we need to internalize this fact: our data has likely been breached, and we need to become vigilant and defend ourselves. Sign up for a credit monitoring service that covers all three credit bureaus to be alerted if your data or ID is being used in ways that indicate fraud. Include your children, as well. A child’s identity is far more valuable to a fraudster as they know it can be several years before their stolen identity is detected. Many parents do not check their child’s credit regularly, if at all.

For organizations, it’s a war on two fronts: data protection and fraud prevention. And the stakes are huge, bigger than many of us recognize. We’re not just fighting to prevent financial theft, we’re fighting to preserve trust — trust between organizations and consumers, at the first level, and ultimately widespread consumer trust in the institutions of finance, commerce, and government.

We must collectively strive to win the war on data protection, no doubt, and prevent future data breaches. But what breaches illustrate is that, when fundamental identity data is breached, a terrible burden is placed on the second line of defense — fraud prevention.

Simply put, organizations must continually evolve their fraud prevention control and skills, and minimize the damage caused by stolen identity data. And we must do it in ways that reinforce the trust between consumers and organizations, enhance the customer experience, and frustrate the criminals.

At 41st Parameter, we are at the front lines of fraud prevention every day, and what we see are risks throughout the ecosystem. Account opening is a particular vulnerability, as consumer identity data obtained in the underground will undoubtedly be used to open lines of credit, submit fraudulent tax returns, etc. unbeknownst to the consumer. Since so much data has been breached, many of these new accounts will look “clean,” presenting a major challenge for traditional identity-based fraud and compliance solutions. But it’s more than new accounts — account takeover, transactions, loyalty, every stage is in jeopardy now that so much identity data is on the loose. Even the call center is vulnerable, as the very basis for caller authentication often relies on components of identity.

At 41st Parameter and Experian Fraud & Identity solutions, we advocate a comprehensive layered approach that leverages multiple solutions such as FraudNet, Precise ID, KIQ, and credit data to protect all aspects of the customer journey while ensuring a seamless, positive user experience across channels and lines of business. Read our fraud perspective paper to learn more.

Now is the time to take action.

 http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924

Related Posts

Tenant screening fraud is rising, with falsified paystubs and AI-generated documents driving risk. Learn how income and employment verification tools powered by observed data improve fraud detection, reduce costs, and streamline tenant screening.

Published: September 4, 2025 by Ted Wentzel

In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is  possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study

Published: September 3, 2025 by Allison Lemaster

Data breaches continue to be a reality for organizations across industries, and the complexity of responding to them is only increasing. From AI-driven fraud to third-party exposures, the risk landscape is shifting fast. Having a modern and tested response plan is essential to containing the damage, protecting your customers, and preserving your organization’s reputation when a breach occurs. Experian’s eleventh annual Data Breach Response Guide draws on decades of breach support experience. It offers practical strategies and insights for navigating the moments that matter most: the first hours after a breach and the days that follow. The 2025–2026 guide explores: How AI is shaping new breach and fraud patterns Where organizations are most vulnerable, including third-party and supply chain weak points Consumer expectations and how they influence crisis response How prepared organizations are reducing impact and protecting trust What is required to build a modern, effective breach response plan Organizations with a tested plan can potentially reduce the cost, impact, and long-term consequences of a breach. From real-world case insights to crisis communication templates, this guide is designed to help teams act quickly and confidently. Download the 2025–2026 Data Breach Response Guide to learn how you can strengthen your breach preparedness, reduce risk exposure, and build resilience against the next wave of cybersecurity threats. Download guide

Published: August 4, 2025 by Julie Lee