top of page

Combatting Breach Fatigue



What was your reaction to the recent news that the cybercriminal group USDoD had gained access to personal records of over 2.5 billion people from the background check service National Public Data (NPD), and published them on a hacking forum? The hacking group originally offered the stolen data for sale on the dark web for 3.5 million dollars, but recently the majority of the data set was reportedly made freely available, which included individuals’ full names, addresses, birthdates, social security numbers, and phone numbers.


For many people the general response seemed to be acceptance that this is par for the course in today’s data driven world.


The massive NPD incident follows recent cases where highly sensitive customer information was revealed in the AT&T and Neiman Marcus breaches. More than 73 million former and current customers’ personal data was published in the AT&T breach (including plainly exposed SSNs), and the Neiman Marcus breach revealed data (such as credit card information) on more than 40 million customers.


Given the regularity of this type of bad news, it is hard to stay vigilant in protecting personal information. But complacency will increase the possibility of breached information being used in nefarious ways.


To combat breach fatigue, Insite recommends the following mitigation steps:


  • Obtain a copy of your credit report and audit for fraudulent activity. You can check your reports every year for free at annualcreditrreport.com.

  • Freeze your credit profile with Transunion, Equifax, and Experian and consider second-tier bureaus including Innovis, the National Consumer Telecom & Utilities Exchange (NCTUE), and ChexSystems. Credit Freezes can be lifted or “thawed” at each of the credit bureaus’ individual websites in the event that you legitimately need to apply for a loan or obtain credit.

  • File your taxes as early as possible before a potential scammer can and take other preventative measures. Fraudulent tax returns are a popular form of identity fraud utilizing stolen SSNs. Create a six-digit security pin through the IRS website, which will be required to verify your identity and submit your taxes for future filings.

bottom of page