Tag: Data Breach
Businesses are purchasing cyber insurance policies to protect themselves from the crippling cost of a data breach.
When outsourcing consumer data to vendors, here are a few outsourcing practices companies should follow to safeguard the information.
According to a recent Ponemon Institute study, 65 percent of study participants say their organization has had a data breach in the past two years involving consumer data outsourced to a third party. Most of these are preventable, as employee negligence accounts for 45 percent of data breaches and lost or stolen devices account for 40 percent.
The goal of achieving Information Superiority is to gather intelligence that can be used to put you in an advantageous position.
According to a recent Ponemon Institute study, 44 percent of consumers who were notified about a data breach believed the breached company was hiding something. When data breaches occur, it is extremely important to be there for customers and to address their concerns. When companies hide a data breach, impacted consumers begin to suspect the breach is actually much worse than the company claims, and trust in the organization begins to wane. Find out more by downloading the data breach case study of lessons learned from the field.
Many healthcare companies are considering adopting a Bring Your Own Device (BYOD) policy. However, this can lead to workplace data breaches.
Consumers want to hear about data breaches - Eighty five percent of respondents in a recent study say learning about the loss of their data is pertinent to them. However, when they do, 72 percent indicated that they are dissatisfied with the notification letters they receive. Companies need to take note of these findings because more than one-third of consumers who receive a notification letter contemplate ending their relationship with the company. Providing affected individuals with a membership in an identity protection product is extremely important since 58 percent of consumers consider identity protection to be favorable compensation after a breach. Learn five pitfalls to avoid in your notification letters and how Experian Data Breach Resolution can help. Source: Download the complete 2012 consumer study on data breach notification.
When data breaches occur, damage to a company’s reputation becomes a significant cost that must be factored into the total financial loss.
The rash of large-scale data breaches in the news begs many questions, one of which is this: how do hackers select their victims?
As breaches increase, breach notifications do too. Breach notification fatigue might put your customers to sleep.
Anyone keeping tabs on the legal scene would think data breaches are something new, given all of the legislation hitting the floor of Congress, when in reality they have been happening since businesses began saving data. The truth is the average consumer didn’t really think about it until they started to hear about data breaches and fraud trends when California blazed a trail with what is considered to be the “grandma” of data breach laws back in 2002. The California law (CA SB 1386) required entities to report data breaches if a California resident was a record in the breach that included personally identifiable information and met the state’s criteria for breach. One might say that law started it all: data breach reporting, the ability for watchdog tracking, and media coverage – before CA SB 1386 we only saw the tip of the iceberg. There are currently four bills worth watching in Congress right now that could have some significant impact to data breach notification requirements: Senate Bill 139, sponsored by California Sen. Diane Feinstein. The Data Breach Notification Act would cover any agency or business that uses or stores personal identifiable information and make it mandatory that if a breach occurred, the victims would be informed Senate Bill 3579, the Carper-Bennett legislation, entitled the Data Security Act of 2010 applies to financial institutions, retailers and government agencies, and would require these entities to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud. This bill is aimed to protect consumers and businesses from identity theft and account fraud. Senate Bill 3742, entitled The Data Security and Breach Notification Act of 2010, sponsored by Senators Mark Pryor and Jay Rockefeller would cross industries and requires special requirements for data brokers. It was referred this month to the Committee on Commerce, Science and Technology, which Rockefeller chairs. Senate Bill 1490, entitled the Personal Data Privacy and Security Act, designates as fraud unauthorized access of personally identifiable information and allows the act to lead to racketeering charges. Sponsored by Senate Judiciary Committee Chairman, Patrick Leahy, it would also prohibit concealment of security breaches involved in fraud and prohibit the dismissal of a Chapter 7 bankruptcy case if the debtor is an identity-theft victim. Many organizations already provide for data breach and the security of personally identifiable information as part of an Identity Theft Prevention Program or Red Flags Rule compliance. I’m happy to say that many rely on Experian tools (https://www.experian.com/data-breach/data-breach-resources.html) for data breach or Enterprise Risk Management solutions. However, any of these bills could change the game for many businesses not already regulated by the Gramm-Leach-Bliley Act (GLB), the Fair Credit Reporting Act (FCRA) or Fair and Accurate Credit Transactions Act (FACTA). In fact, two of the bills would essentially subject data brokers to the same kinds of legislation that financial institutions have under FCRA. The reasoning behind it is that fraud trends continue to show risk levels are the same to the consumer, regardless of where the information is stored. The financial industry and credit bureau data have been regulated for years so, in a sense, I think it’s just “more of the same” unless you happen to be in an industry not regulated as stringently. Still… it’s worth keeping those “tabs” and RSS feeds alive.
Quite a scary new (although in some ways old) form of identity theft in the headlines recently. Here’s a link to the article, which talks about how children’s dormant Social Security numbers are being found and sold by companies online under the guise of CPN’s – aka credit profile numbers or credit protection numbers. Using deceased, “found”, or otherwise illicitly obtained Social Security numbers is not something new. Experian’s and any good identity verification tool is going to check against the Social Security Administration’s list of numbers listed as deceased as well as check to ensure the submitted number is in an SSA valid issue range. But the two things I find most troubling here are: One, the sellers have found a way around the law by not calling them Social Security numbers and calling them CPN’s instead. That seems ludicrous! But, in fact, the article goes on to state that “Because the numbers exist in a legal gray area, federal investigators have not figured out a way to prosecute the people involved”. Two, because of the anonymity and the ability to quickly set up and abandon “shop”, the online marketplace is the perfect venue for both buyer and seller to connect with minimal risk of being caught. What can we as consumers and businesses take away from this? As consumers, we’re reminded to be ever vigilant about the disclosure of not only OUR Social Security number but that of our family members as well. For businesses, it’s a reminder to take advantage of additional identity verification and fraud prediction tools, such as Experian’s Precise ID, Knowledge IQ, and BizID, when making credit decisions or opening accounts rather than relying solely on consumer credit scores.