Tag: breach
When it comes to online personal data, the majority of Americans believe it has become more and more difficult to control who has access to that information.[1] And as international data breaches continue to feed the dark web, the cost is high for consumers. Identity theft by the numbers At least 16 billion records have been exposed through data breaches since 2019, and 31% of data breach victims later have their identity stolen[2]. The cost of obtaining a full range of documents and account details allowing identity theft is about $1,275.[3] With a 290% increase in stolen data found on the dark web in the past three years, monitoring is a must-have for data-driven service providers[4]. Now more than ever, consumers expect businesses that collect their information to keep it secure. A solution for your customers Here’s the good news: Experian CyberAgent® is a proprietary, patented dark web technology that proactively detects compromised confidential data online around the world. With more than 21 billion records found, this software is designed for proactive cyber detection on an international level. CyberAgent® monitors a variety of identity elements and captures all the data being exchanged, including: Social Security numbers National identification numbers Email addresses/ domains and phone numbers Medical identifications numbers Passport and driver’s license numbers Credit/debit card information Retail card numbers Bank account and routing numbers International banking numbers Global protection As the only internet surveillance tool that can match data on an international level, CyberAgent® breaks language barriers and detects identity theft across the globe. By monitoring thousands of websites and millions of data points, this technology enables you to notify your customers if a match to their monitored personal information is found. Alert your customers before they become a victim of identity theft and offer unrivaled protection from dark web threats. Click here to learn more [1]Ipsos. 2022. Most Americans say it is increasingly difficult to control who can access their online data. [2]Selfkey. 2020. All Data Breaches in 2019 – 2022 – An Alarming Timeline. [3]Privacy Affairs. 2020. Dark Web Price Index 2020. [4]Experian CyberAgent® monitoring counts as of June 2022.
When a data breach occurs, laws and industry regulations, dictate when and if you need to notify consumers whose data might have been compromised. However, many consumers would also probably argue that you’re morally obligated, to notify them of data loss; they want you to tell them of the breach and to do so in a courteous, straightforward manner. Because of this, a breach notification letter is an integral piece of a firm’s breach response as these often are the first inkling consumers have that their information may have been compromised, and their identities might be at risk. It’s imperative those letters be efficient, effective – and perhaps most importantly – humane. A 2014 study by the Ponemon Institute and Experian Data Breach Resolution indicates consumers feel there’s room for improvement in data breach notification letters. The survey polled people who had received a data breach notification letter. Sixty-seven percent of those surveyed said they want letters to better explain the risks and potential harms they may face as a result of the breach, 56 want the letter to disclose all the facts, and a third didn’t want the letter to “sugar-coat” the situation. A quarter wanted the letters to be more personal. The Experian Data Breach Resolution team has vast experience with breach notification letters and data breach notification regulations. In our experience, here are the five most common and egregious errors to avoid when sending a data breach notification letter: 1. Keeping the consumer in the dark about the details. Customers will want to know what information was compromised in the breach. Was it their Social Security number? A credit card number? Their home address? Consumers can’t protect themselves from further harm if they don’t know exactly what’s at risk. Don’t leave them guessing. Tell consumers exactly what information was compromised in the breach. 2. Speaking “legalese.” Reverting to legalese – highly complex verbiage largely understandable only to lawyers – is a defense mechanism for companies, and it doesn’t really help the consumer. Twenty-three percent of those polled by Ponemon said the letter they received would have been better if it had less legal or technical language. Keep letters short, factual and simply worded so that the average Joe or Jane can understand them. 3. Leaving out the ramifications and risks. It’s not enough to simply tell consumers they’ve been involved in a breach. It’s not even enough to tell them what information has been compromised. To truly empower them to protect themselves from further harm, you need to alert consumers to what those risks may be. Consider the type of data that was lost, then explain the risks that can be associated with that type of data loss. 4. Failing to offer an olive branch. Whether the breach was your fault or not, consumers will hold you responsible and they will feel they should get some kind of compensation for all the grief the breach will cause them. Providing breached customers with an identity protection product not only helps protect them, but it shields your company’s reputation, too. In the Ponemon study, 67 percent of consumers said they felt companies should offer some form of compensation – whether cash, product or service – to consumers caught in a data breach. Sixty-three percent said the company should offer them free identity theft protection and 58 percent wanted free credit monitoring. Interestingly, 43 percent also said a sincere and personal apology might help convince them to keep their business with the breached organization.. 5. Failing to seize the chance to rebuild trust. There’s no question that a data breach undermines customer trust. Some customers will leave a breached company. Among polled customers who remained with the breached company, inertia seemed a major factor in their decision not to go elsewhere; 67 percent said they stayed simply because it was too difficult to find someone else to offer the same products or services. Less than half (45 percent) said they stayed because they were happy with how the company handled the data breach. Breach letters are actually an opportunity to begin rebuilding trust. Explain to consumers what you’re doing to reduce the risk of future breaches, and how you’re taking steps to help protect them from further harm. Despite your best efforts, a data breach can occur. When it does, the data breach notification letter is your all-important point of first contact with affected consumers. Craft it well and the letter can be a valuable tool for mitigating reputation damage and rebuilding trust. Learn more from our Knowledge Center
An employee who never uses a mobile device – personal or company-supplied – for business purposes is becoming a rare creature, indeed. Use of mobile devices is prevalent across virtually every industry, and the convenience and flexibility these devices offer professionals can be great for business. Provided, that is, those devices are secure. Mobile devices continue to be a significant source of data breaches, and a particular concern for anyone engaged in cyber security, according to eSecurity Planet’s Data Breach Roundup. Mobile-related data breaches stem from a range of circumstances, including loss or theft of devices, failure to use anti-malware, or failing to password-protect a device being used for business purposes. Devices can put your data at risk if an employee stores any proprietary information on a mobile device, or if workers use unsecured devices to access your network – even if you’ve taken steps to secure the network itself. Managing mobile devices can be one of the most challenging aspects of your overall cyber security program, but it’s imperative and – fortunately – not impossible. Minimizing mobile device risks CTIA, The Wireless Association, offers some guidelines for mobile device cyber security in its whitepaper “Today’s Mobile Cybersecurity: Blueprint for the Future.” The organization points to five cornerstones of mobile cyber security: Education about the importance of mobile security Devices with security features like anti-malware and anti-spam settings Strong, enforced network security policies Authentication for all network users Secure connections, from cloud to network Many tools exist to help your organization ensure secure footing on each of those cornerstones. CTIA cites options like risk management, security policies and monitoring. We would add to that list, and emphasize the importance of a data breach response plan that addresses the specific challenges and risks associated with a mobile-spurred data breach incident. While your organization can take strong, reasoned steps toward minimizing risks, it’s equally important to be ready to respond when a breach occurs. Mobile device security is sure to be a growing issue throughout 2014, as more people than ever use smartphones, tablets and other mobile devices to work more efficiently. With the right precautions, you can help ensure your employees work safely, as well. Learn more about our Data Breach solutions