Cybersecurity Awareness Month (October) serves as a reminder of the importance of preparing for potential data breaches and knowing how to respond when you learn that your personal information has been compromised.
What is a data or security breach?
A data or security breach is the unauthorized access to and acquisition of personal information which causes or reasonably is believed will cause a risk of identity theft.
What is “personal information”?
In Ohio, personal information is an individual’s name connected with any of the following:
Social Security number; Driver’s license number or state identification card number; or
account number, credit, or debit card number linked to a security code or password. Sometimes companies have a broader definition of personal information that may include a combination of username, password, email address, etc.
Do consumers need to be notified of a breach?
Under the Ohio Security Breach Notification Act, consumers must be notified of any security breach to stored personal information that may reasonably cause a material risk of identity theft or other fraud.
How quickly must a business notify consumers of a breach?
Consumers must be notified in the quickest way possible but not later than 45 days after the breach is discovered.
What is an acceptable notice of a breach?
The type of notice required depends on the number of consumers affected and the size of the business. Depending on these factors, it may be acceptable to notify consumers in writing; via e- mail or electronic notice; over the phone; through the local newspaper; on the business’s website; or through notification to major media outlets in the area where the entity is located.
Here are some ways to protect yourself if you fall victim to a data breach:
- Read all notifications from the company. Many times, companies offer free credit monitoring and explain how to enroll.
- Change your password(s) immediately. To ensure that you replace the current password with a strong password, choose one that is at least 12 characters and uses a combination of upper- and lowercase letters, numbers and special characters.
- Create a unique password. Do not recycle passwords that you might use for other accounts. If the password used for the breached account is one you use on other accounts, remember to change the password on all applicable accounts.
- Use multifactor authentication, which requires an additional step after you log into your account – such as a text to your cellphone – to gain access to that account. Multifactor authentication provides an extra layer of security.
- Review any bank account or payment method tied to the data breach. This might include credit cards, peer-to-peer payment platforms and bank cards.
- Check your credit report. You can check your credit report weekly at www.annualcreditreport.com through the end of 2023. You may want to put a fraud alert on your credit reports by contacting any of the three major credit-reporting agencies (Experian, Equifax or TransUnion). You can also freeze all three of your credit reports by contacting each of the agencies. Putting a fraud alert or credit freeze on your reports won’t affect your credit score, and the alert is free.
Consumers who suspect an unfair business practice or want help addressing a consumer problem should contact the Ohio Attorney General’s Office at www.OhioProtects.org or 800-282-0515.