
DATA BREACH RESPONSE: A Guide for Business
Federal Trade Commission
business.ftc.gov

You just learned that your business experienced a data breach. Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company's website, you are probably wondering what to do next.

What steps should you take and whom should you contact if personal information may have been exposed? Although the answers vary from case to case, the following guidance from the Federal Trade Commission (FTC) can help you make smart, sound decisions.

This guide addresses the steps to take once a breach has occurred. For advice on implementing a plan to protect consumers' personal information and prevent breaches and unauthorized access, check out the FTC's Protecting Personal Information: A Guide for Business and Start with Security: A Guide for Business.

Secure Your Operations

Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn't happen again.

Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.

Mobilize your breach response team right away to prevent additional data loss. The exact steps to take depend on the nature of the breach and the structure of your business.

Assemble a team of experts to conduct a comprehensive breach response. Depending on the size and nature of your company, they may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management.

Identify a data forensics team. Consider hiring independent forensic investigators to help you determine the source and scope of the breach. They will capture forensic images of affected systems, collect and analyze evidence, and outline remediation steps.

Consult with legal counsel. Talk to your legal counsel. Then, you may consider hiring outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach.

Stop additional data loss. Take all affected equipment offline immediately — but don't turn any machines off until the forensic experts arrive; powering a machine down destroys volatile evidence such as memory contents and active network connections. Closely monitor all entry and exit points, especially those involved in the breach. If possible, put clean machines online in place of affected ones. In addition, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change those credentials, even if you've removed the hacker's tools. This applies to service accounts, API keys, and session tokens as well as user passwords.

Remove improperly posted information from the web.
- Your website: If the data breach involved personal information improperly posted on your website, immediately remove it. Be aware that internet search engines store, or "cache," information for a period of time. You can contact the search engines to ensure that they don't archive personal information posted in error.
- Other websites: Search for your company's exposed data to make sure that no other websites have saved a copy. If you find any, contact those sites and ask them to remove it.

Interview people who discovered the breach. Also, talk with anyone else who may know about it. If you have a customer service center, make sure the staff knows where to forward information that may aid your investigation of the breach. Document your investigation.

Do not destroy evidence. Don't destroy any forensic evidence in the course of your investigation and remediation.
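One practical way to document collected evidence so that later handling cannot quietly alter it is an integrity manifest: hash every collected item at collection time, record who collected it and when, and re-verify before analysis or handover. The following is an added example written for this page, not code from the FTC guide; the case ID, collector name, and file names are constructed placeholders, and the manifest layout is an assumption made for this example rather than any standard format.

```python
"""Evidence integrity manifest (added example, not part of the FTC guide)."""
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(items: dict[str, bytes], collector: str, case_id: str) -> dict:
    """Record a hash and size for every collected item. `items` maps an evidence
    name (for files, the path relative to the evidence root) to its bytes."""
    return {
        "case_id": case_id,
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "algorithm": "sha256",
        "items": {
            name: {"sha256": sha256_hex(data), "size": len(data)}
            for name, data in sorted(items.items())
        },
    }


def verify_manifest(manifest: dict, items: dict[str, bytes]) -> dict[str, list[str]]:
    """Re-hash the current items against the manifest. Any name in the three
    lists means the evidence set is no longer what was originally collected."""
    expected = manifest["items"]
    return {
        "missing": sorted(n for n in expected if n not in items),
        "modified": sorted(n for n, d in items.items()
                           if n in expected and sha256_hex(d) != expected[n]["sha256"]),
        "unexpected": sorted(n for n in items if n not in expected),
    }


def read_tree(root: Path) -> dict[str, bytes]:
    """Load every file under an evidence directory, keyed by relative POSIX path."""
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_manifest(manifest: dict, path: Path) -> None:
    path.write_text(json.dumps(manifest, indent=2, sort_keys=True))


if __name__ == "__main__":
    import tempfile

    # Constructed evidence set standing in for real disk images and log exports.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logs").mkdir()
        (root / "logs" / "auth.log").write_bytes(
            b"Feb 10 01:17:48 host sshd[412]: Accepted password for jdoe\n")
        (root / "server01.img").write_bytes(b"\x00" * 4096)

        manifest = build_manifest(read_tree(root), collector="ir-analyst", case_id="IR-2021-001")
        write_manifest(manifest, root / "MANIFEST.json")
        # Keep the manifest file itself out of the set being verified.
        current = {n: d for n, d in read_tree(root).items() if n != "MANIFEST.json"}
        print(verify_manifest(manifest, current))
```

Store the manifest (and ideally a signed copy) separately from the evidence it describes; a manifest that lives only next to the files it covers can be edited along with them.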

Fix Vulnerabilities

Think about service providers. If service providers were involved, examine what personal information they can access and decide if you need to change their access privileges. Also, ensure your service providers are taking the necessary steps to make sure another breach does not occur. If your service providers say they have remedied vulnerabilities, verify that they really fixed things.

Check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your forensics experts to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, do so now.

Work with your forensics experts. Find out if measures such as encryption were enabled when the breach happened. Analyze backup or preserved data. Review logs to determine who had access to the data at the time of the breach. Also, analyze who currently has access, determine whether that access is needed, and restrict access if it is not. Verify the types of information compromised, the number of people affected, and whether you have contact information for those people. When you get the forensic reports, take the recommended remedial measures as soon as possible.

Have a communications plan. Create a comprehensive plan that reaches all affected audiences — employees, customers, investors, business partners, and other stakeholders. Don't make misleading statements about the breach. And don't withhold key details that might help consumers protect themselves and their information. Also, don't publicly share information that might put consumers at further risk.
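The two log-driven tasks above (identifying credentials that were in use against the affected data during the breach, so they can be rotated, and comparing who had access at the time with who has access now, so unneeded access can be removed) share one piece of work: parsing the access log and reducing it to accounts, sources, and resources. The example below, added for this page and not taken from the FTC guide, does both over a constructed log. The `key=value` log format, the field names, the breach window, the corporate address range, and the current ACL are all assumptions made for the example; a real review would take them from the forensics team and from the system that actually holds the data.

```python
"""Post-breach access-log review (added example, not part of the FTC guide)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log in a hypothetical "key=value" access-log format. The
# field names (user, src, action, resource, status) are assumptions made for
# this example, not the schema of any real product. Includes a failed attempt
# (status 403) made shortly before a successful read from the same source.
SAMPLE_LOG = """\
2021-02-09T18:02:11Z user=asmith src=10.0.5.12 action=read resource=customers/export.csv status=200
2021-02-09T23:41:05Z user=svc-backup src=10.0.9.4 action=read resource=customers/export.csv status=200
2021-02-10T01:15:02Z user=jdoe src=203.0.113.77 action=read resource=customers/ssn_table status=403
2021-02-10T01:17:48Z user=jdoe src=203.0.113.77 action=read resource=customers/export.csv status=200
2021-02-10T01:19:03Z user=jdoe src=203.0.113.77 action=read resource=customers/ssn_table status=200
2021-02-10T02:05:30Z user=svc-etl src=10.0.9.8 action=write resource=customers/export.csv status=200
2021-02-10T09:30:00Z user=asmith src=10.0.5.12 action=read resource=marketing/leads.csv status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+action=(?P<action>\S+)"
    r"\s+resource=(?P<resource>\S+)\s+status=(?P<status>\d+)\s*$"
)

# Breach window, affected data, corporate ranges and current grants, as the
# forensics team and the data owner would establish them (assumed values).
BREACH_START = datetime(2021, 2, 9, 22, 0, tzinfo=timezone.utc)
BREACH_END = datetime(2021, 2, 10, 6, 0, tzinfo=timezone.utc)
AFFECTED_PREFIX = "customers/"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
CURRENT_ACL = {"asmith", "svc-backup", "svc-etl", "rwhite"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src: str
    action: str
    resource: str
    status: int


def parse_log(text: str) -> list[Event]:
    """Parse the sample format. A line that does not match raises, so a gap in
    the evidence is noticed rather than silently skipped."""
    events: list[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable log line: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(ts, m["user"], m["src"], m["action"], m["resource"], int(m["status"])))
    return events


def touched_affected_data(events, start, end, prefix) -> list[Event]:
    """Successful accesses to the affected data inside the breach window.
    Failed attempts stay in `events` as evidence but do not count as access."""
    return [e for e in events
            if start <= e.ts <= end and e.resource.startswith(prefix) and e.status < 400]


def accounts_to_rotate(events, start, end, prefix) -> set[str]:
    """Every account (human or service) that reached the affected data during
    the window. Treat all of their credentials as potentially stolen and rotate
    them: removing the attacker's tools does not help while they still work."""
    return {e.user for e in touched_affected_data(events, start, end, prefix)}


def offsite_sources(events, start, end, prefix, internal_nets) -> set[tuple[str, str]]:
    """(user, source IP) pairs that reached the affected data from outside the
    corporate ranges during the window: leads for the forensics team."""
    found = set()
    for e in touched_affected_data(events, start, end, prefix):
        ip = ipaddress.ip_address(e.src)
        if not any(ip in net for net in internal_nets):
            found.add((e.user, e.src))
    return found


def access_review(events, current_acl, prefix) -> dict[str, set[str]]:
    """Compare who has access now (the ACL) with who actually used it (the log,
    over its whole span). Grants never exercised are candidates for removal;
    users seen without a current grant need explaining."""
    used = {e.user for e in events if e.resource.startswith(prefix) and e.status < 400}
    return {
        "in_acl_and_used": used & current_acl,
        "used_but_not_in_acl": used - current_acl,
        "in_acl_never_used": current_acl - used,
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("rotate:", sorted(accounts_to_rotate(evs, BREACH_START, BREACH_END, AFFECTED_PREFIX)))
    print("offsite:", sorted(offsite_sources(evs, BREACH_START, BREACH_END, AFFECTED_PREFIX, INTERNAL_NETS)))
    for name, users in access_review(evs, CURRENT_ACL, AFFECTED_PREFIX).items():
        print(f"{name}: {sorted(users)}")
```

The "used but not in ACL" bucket is the one to chase first: an account that read the data but holds no current grant either had its grant removed after the fact (which should be documented) or reached the data by a path the ACL does not govern, and the segmentation check above needs to explain which.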

Anticipate questions that people will ask. Then, put top-tier questions and clear, plain-language answers on your website where they are easy to find. Good communication up front can limit customers' concerns and frustration, saving your company time and money later.

Notify Appropriate Parties

When your business experiences a data breach, notify law enforcement, other affected businesses, and affected individuals.

Determine your legal requirements. All states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business.

Notify law enforcement. Call your local police department immediately. Report your situation and the potential risk for identity theft. The sooner law enforcement learns about the theft, the more effective they can be. If your local police aren't familiar with investigating information compromises, contact the local office of the FBI or the U.S. Secret Service. For incidents involving mail theft, contact the U.S. Postal Inspection Service.

Did the breach involve electronic personal health records? Then check if you're covered by the Health Breach Notification Rule. If so, you must notify the FTC and, in some cases, the media. Complying with the FTC's Health Breach Notification Rule explains who you must notify, and when.

Also, check if you're covered by the HIPAA Breach Notification Rule. If so, you must notify the Secretary of the U.S. Department of Health and Human Services (HHS) and, in some cases, the media. HHS's Breach Notification Rule explains who you must notify, and when.

Health Breach Resources
- HIPAA Breach Notification Rule (HHS): ...cation
- HHS HIPAA breach reporting: ...cation/breach-reporting
- Complying with the FTC's Health Breach Notification Rule: ftc.gov/healthbreachnotificationrule

Notify affected businesses. If account access information — say, credit card or bank account numbers — has been stolen from you, but you don't maintain the accounts, notify the institution that does so it can monitor the accounts for fraudulent activity. If you collect or store personal information on behalf of other businesses, notify them of the data breach.

If Social Security numbers have been stolen, contact the major credit bureaus for additional information or advice. If the compromise may involve a large group of people, advise the credit bureaus if you are recommending that people request fraud alerts and credit freezes for their files.

Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872

Notify individuals. If you quickly notify people that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused. In deciding who to notify, and how, consider:
- state laws
- the nature of the compromise
- the type of information taken
- the likelihood of misuse
- the potential damage if the information is misused

For example, thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim's name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage.

When notifying individuals, the FTC recommends you:
- Consult with your law enforcement contact about the timing of the notification so it doesn't impede the investigation.
- Designate a point person within your organization for releasing information. Give the contact person the latest information about the breach, your response, and how individuals should respond.

- Consider using letters (see the model letter below), websites, and toll-free numbers to communicate with people whose information may have been compromised. If you don't have contact information for all of the affected individuals, you can build an extensive public relations campaign into your communications plan, including press releases or other news media notification.
- Consider offering at least a year of free credit monitoring or other support such as identity theft protection or identity restoration services, particularly if financial information or Social Security numbers were exposed. When such information is exposed, thieves may use it to open new accounts.

State breach notification laws typically tell you what information you must, or must not, provide in your breach notice. In general, unless your state law says otherwise, you'll want to:
- Clearly describe what you know about the compromise. Include:
  » how it happened
  » what information was taken
  » how the thieves have used the information (if you know)
  » what actions you have taken to remedy the situation
  » what actions you are taking to protect individuals, such as offering free credit monitoring services
  » how to reach the relevant contacts in your organization
  Consult with your law enforcement contact about what information to include so your notice doesn't hamper the investigation.
- Tell people what steps they can take, given the type of information exposed, and provide relevant contact information. For example, people whose Social Security numbers have been stolen should contact the credit bureaus to ask that fraud alerts or credit freezes be placed on their credit reports. See IdentityTheft.gov/databreach for information on appropriate follow-up steps after a compromise, depending on the type of personal information that was exposed. Consider adding this information as an attachment to your breach notification letter, as we've done in the model letter below.
- Include current information about how to recover from identity theft. For a list of recovery steps, refer consumers to IdentityTheft.gov.
- Consider providing information about the law enforcement agency working on the case, if the law enforcement agency agrees that would help. Identity theft victims often can provide important information to law enforcement.
- Encourage people who discover that their information has been misused to report it to the FTC, using IdentityTheft.gov. IdentityTheft.gov will create an individualized recovery plan, based on the type of information exposed. And, each report is entered into the Consumer Sentinel Network, a secure, online database available to civil and criminal law enforcement agencies.
- Describe how you'll contact consumers in the future. For example, if you'll only contact consumers by mail, then say so. If you won't ever call them about the breach, then let them know. This information may help victims avoid phishing scams tied to the breach, while also helping to protect your company's reputation. Some organizations tell consumers that updates will be posted on their website. This gives consumers a place they can go at any time to see the latest information.

Model Letter

The following letter is a model for notifying people whose Social Security numbers have been stolen. When Social Security numbers have been stolen, it's important to advise people to place a free fraud alert or credit freeze on their credit files. A fraud alert may hinder identity thieves from getting credit with stolen information because it's a signal to creditors to contact the consumer before opening new accounts or changing existing accounts. A credit freeze stops most access to a consumer's credit report, making it harder for an identity thief to open new accounts in the consumer's name.

[Name of Company/Logo]
Date: [Insert Date]

NOTICE OF DATA BREACH

Dear [Insert Name]:

We are contacting you about a data breach that has occurred at [insert Company Name].

What Happened?
[Describe how the data breach happened, the date of the breach, and how the stolen information has been misused (if you know).]

What Information Was Involved?
This incident involved your [describe the type of personal information that may have been exposed due to the breach].

What We Are Doing
[Describe how you are responding to the data breach, including: what actions you've taken to remedy the situation; what steps you are taking to protect individuals whose information has been breached; and what services you are offering (like credit monitoring or identity theft restoration services).]

What You Can Do
The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year. You can renew it after one year.

Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872

Ask each credit bureau to send you a free credit report after it places a fraud alert on your file. Review your credit reports for accounts and inquiries you don't recognize. These can be signs of identity theft. If your personal information has been misused, visit the FTC's site at IdentityTheft.gov to report the identity theft and get recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly.

You may also want to consider placing a free credit freeze. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identity thief can open new accounts in your name. To place a freeze, contact each of the major credit bureaus at the links or phone numbers above. A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it.

We have attached information from the FTC's website, IdentityTheft.gov/databreach, about steps you can take to help protect yourself from identity theft. The steps are based on the types of information exposed in this breach.

Other Important Information
[Insert other important information here.]

For More Information
Call [telephone number] or go to [Internet website]. [State how additional information or updates will be shared/or where they will be posted.]

[Insert Closing]
[Your Name]

As noted above, we suggest that you include advice that is tailored to the types of personal information exposed. The example below is for a data breach involving Social Security numbers. This advice and advice for other types of personal information is available at IdentityTheft.gov/databreach.

Also, consider enclosing with your letter a copy of Identity Theft: A Recovery Plan, a comprehensive guide from the FTC to help people address identity theft. You can order the guide in bulk for free at bulkorder.ftc.gov. The guide will be particularly helpful to people with limited or no internet access.

Optional Attachment

FEDERAL TRADE COMMISSION
IdentityTheft.gov

What information was lost or exposed?

Social Security number
- If a company responsible for exposing your information offers you free credit monitoring, take advantage of it.
- Get your free credit reports from annualcreditreport.com. Check for any accounts or charges you don't recognize.
- Consider placing a credit freeze. A credit freeze makes it harder for someone to open a new account in your name.
  » If you place a freeze, be ready to take a few extra steps the next time you apply for a new credit card or cell phone — or any service that requires a credit check.
  » If you decide not to place a credit freeze, at least consider placing a fraud alert.
- Try to file your taxes early — before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
- Don't believe anyone who calls and says you'll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they're from the IRS.
- Continue to check your credit reports at annualcreditreport.com. You can order a free report from each of the three credit reporting companies once a year.

For More Guidance From the FTC

This publication provides general guidance for an organization that has experienced a data breach. If you'd like more individualized guidance, you may contact the FTC at 1-877-ID-THEFT (877-438-4338). Please provide information regarding what has occurred, including the type of information taken, the number of people potentially affected, your contact information, and contact information for the law enforcement agent with whom you are working. The FTC can prepare its Consumer Response Center for calls from the people affected, help law enforcement with information from its national database of reports, and provide you with additional guidance as necessary. Because the FTC has a law enforcement role with respect to information privacy, you may seek guidance anonymously.

For additional information and resources, please visit business.ftc.gov.

Federal Trade Commission
business.ftc.gov
February 2021

