Data Protection – what to ask after a data breach
In the security sector, there is a common risk-driven methodology. This approach entails taking what we know about the situation, comparing it to our own, and finally, evaluating if we should be worried at all.
Perhaps the best approach each time a company (most often in retail or finance) discloses a data breach is to ask yourself the following questions:
- Do I shop there or use their services? Obviously, if you do not, then you are likely not affected. At least not immediately.
- How much personal information do I have? There is a substantial underground market for personally identifiable information that may be used for anything from credit card fraud to identity theft. The degree to which you are affected depends on how much you chose to share.
- Has the company advised you to take steps to secure your account? While many US-based organizations are mandated by law to disclose security events that have the chance to leak personally identifiable information, it’s best not to wait for them to tell you to change your password or pursue other safety measures.
- Should I continue to do business with the vendor? How are they handling the breach? Are they improving their security, for example through the recent rollouts of chip technology, which was first adopted by Target and Home Depot?
The first step to data protection after a breach is to examine bank and credit card accounts, change passwords and contact the vendor.