
SANS ISC: Day 14 - Containment: a Personal IdentityTheft Incident - SANS Internet Storm Center SANS ISC InfoSec Forums


Day 14 - Containment: a Personal IdentityTheft Incident

Containing an ID theft incident can be viewed from multiple sides.

The organization leaking the sensitive information by accident

As always, being prepared is key to reacting properly. Randy wrote: "An organization must identify and classify personally identifiable information (PII) in order to contain the accidental disclosure that could result in consumers being exposed to identity theft." Processing of such information could be segregated from the mainstream systems and placed under closer monitoring and tighter security measures.

But if it does go wrong, you need an action plan involving key stakeholders in order to abide by local laws and regulations as well as protect the interests of the individuals who confided the sensitive data to the organization. Randy goes on: "This data breach plan should be tested much like a disaster recovery plan to ensure that each team member understands their role."

Still, how do you plan to contain a breach?

Depending on what was identified as leaked, the plan should at least consider how to most effectively:

  • Consider requirements from a legal and regulatory viewpoint
  • Communicate the problem to affected individuals so they can assist from their end
  • Offer some sort of protection to the affected individuals
  • Cover any wanted or unwanted media attention appropriately
  • Work with authorities and law enforcement

 

The individual having his personal information exposed.

What better way to learn than from a victim?

 

Living in a country where the issue is much more privacy, and by far not so much ID theft (we have decent ways to authenticate ourselves), I'm counting on your feedback on how you plan to contain such incidents, and will update it with submissions we receive.

--
Swa Frantzen -- Section 66

Swa

760 Posts
I have also been notified by BNY-Mellon that my PII is at risk. Within the last two weeks, I have received incredibly realistic-looking phishing messages, purporting to be from JPMorgan Chase (with obfuscated links to the email.chase.com domain). I have confirmed that these messages are fraudulent. The disturbing part is that these messages contained my full name and the *correct* last 4 digits of my credit card!
Richard

2 Posts