Epsilon and Sony are just two of the corporations reported as having data loss incidents in recent years, according to DataLossDB, a research project operating under the Open Security Foundation with the mission to document and report company data loss and breach incidents worldwide. So far, the two largest data loss incidents involved over 100 million records.
Data losses or breaches may include loss or theft of digital media, such as hard drives, laptop computers, or mobile devices where such information may be stored unencrypted; hacking into company systems and databases through a firewall; or simply human or employee error.
While you may need to collect some information from your customers, such as postal and email addresses, the Federal Trade Commission (FTC) outlines 5 action steps to take if your customer’s data is stolen:
1) Notify customers with a data breach notification letter immediately. Your notification letter should include all the facts about the data breach: what information was compromised, how it happened, how the compromised information could be used, and what steps you have already taken. The FTC provides a model letter to serve as a guide.
2) Notify the credit bureaus. If the data breach involved large parties, you should notify the credit bureaus to alert them to the compromised data. If social security numbers were stolen, ask the affected individuals to notify the three major credit bureaus: Equifax, Experian, and TransUnion.
3) Notify local law enforcement. If the data breach may result in harm to an individual or business, call your local police department as soon as possible. If the incident involves mail theft, get in touch with the U.S. Postal Inspection Service. Should your local police personnel not have expertise in investigating data compromises, contact the local divisions of the FBI or U.S. Secret Service.
4) Notify affected businesses. An information compromise may affect other businesses besides your own. For instance, if bank account numbers or credit card numbers were stolen, notify the affected bank or credit card company to either close the accounts or monitor for fraudulent activity.
5) Notify the Federal Trade Commission. The last action step to take if your customer’s data is stolen is to file a complaint with the FTC. The FTC is a consumer watchdog for identity theft and maintains an identity theft database of cases for use by law enforcement agencies and others for investigations. You can file a complaint with the FTC by calling 1-877-ID-THEFT (877-438-4338) or by going online at www.ftc.gov/idtheft.