Post Breach Identity Theft Monitoring: Too Little Too Late
In 2014, the population of lifelong government workers fell victim to the massive data breach of the Office of Personnel Management. The individuals, both employed and retired, received notification that their very sensitive and detailed personal information was now in the hands of the Chinese government. The solution they were offered was identity theft protection. Wait. What? Their personal identifying information was already stolen. How will this protect them exactly?
The answer is: it won’t protect against identity theft.
The people who were exposed are extremely vulnerable to being targeted in attacks against our national security. Anyone with access to this data could create fantastically effective spear phishing campaigns and would know the connections and relationships that could best be exploited to access the information and organizations they want.
Identity theft protection will not protect you from these targeted attacks. A monitoring service will watch credit reports and public records for changes. If the criminal applies for a new credit card or takes out a loan, it will show up. Similarly, if a new address appears in the public records, it will trigger an alert. Regardless, at this point, the victim has already been defrauded, and the damage has been inflicted.
Breached companies must get ahead of attacks and provide security that protects victims before they are victimized again
Organizations can protect their employees with next-generation isolation tools that not only capture and destroy potential malware, but also disguise your identity to avoid targeted attacks where they start.
Read more about Post Breach Identity Theft Monitoring in my recent SecurityWeek article.