In July 2021, fashion retailer Guess notified affected customers of a ransomware attack and data breach that occurred in February 2021. Breach victims learned that several of their most sensitive identity credentials — Social Security numbers, driver’s license numbers, passport numbers, financial account information — were exposed. They were forced to literally guess what kinds of future identity crimes they are at risk of, and even more importantly, what’s most critical for them to do right now to protect themselves. Forgive the pun on the famous Guess brand name, but guessing is where 100% of breach victims (and industry experts, for that matter) go wrong when it comes to knowing what to do after a breach.
Using new artificial intelligence (AI) technology, breach victims no longer need to rely on guesswork to determine if their risk profile has changed and exactly what they need to protect their financial lives.
The Value of Non-Generic and Actionable Breach Notifications
Data compromise is what makes identity crimes possible. If companies and individuals could stop the data from being exposed to criminals, identity crimes would disappear. But this ‘one-two’ sequence of identity crimes — steal the data, then use stolen data to impersonate the identity-holder — won’t go away. Every breach newly exposes a unique set of identity credentials to a new set of bad actors, such as contact information, financial account data, government-issued records (such as Social Security numbers), or medical data. These credentials can be used as literal keys to wreak havoc on victims’ financial lives.
The typical consumer is breached multiple times per year, and unfortunately, we can’t stop that. Here at Sontiq, we can help them understand the best actions to take based on the personally identifiable information (PII) exposed and their specific risk profile. Rather than advise consumers to take the same two or three actions for every single breach, we use AI to take an individualized approach. This empowers consumers to take effective actions when they’re breached, so they’re able to mitigate further damage.
The Guess breach is a good example to showcase how BreachIQ™ works. The AI-driven algorithm analyzes more than 1,300 data points of a data breach to assess the risk level and assign a 1 through 10 score. It then prescribes specific actions from over 50 unique possibilities consumers can take to protect themselves, giving each affected person an answer to the question, “so what do I do now?”
This AI method answers three important questions for victims of the Guess breach.
Personalized Answers to Guess Data Breach Victims’ Questions
How dangerous was the Guess data breach?
Pretty dangerous, scoring a ‘6’ on our 1-10 scale (where 10 is the worst possible).
This score is computed based on the particular risk profile assigned to the five particular identity records that were exposed to hackers, which included
- Social Security numbers
- Passport and Driver’s license numbers
- Financial account information
- Victims’ names
What risks were elevated by this breach?
- Fraudulent establishment of new credit (loan) accounts is the top risk. Financial providers rely most heavily on government-issued identity records for verifying the identity of new account applicants.
- Existing financial account access or takeover is the second-highest risk created. ID criminals often use government-issued ID records to impersonate the identity-holder when claiming that they lost their account password.
- Evading the law is generally of low risk to most people, but it’s the third-highest risk for victims of the Guess breach. Convicted criminals can sometimes work under an assumed identity in order to buy time to commit more crimes and avoid the long arm of the law. BreachIQ’s algorithm calculated this risk because it knows that ID criminals rely heavily on government-issued IDs — which are only rarely exposed in data breaches.
- Phone or utilities fraud is another less common form of fraud. For this breach, however, it is the fourth-highest risk because large service providers often rely on official ID documents.
- Up to eight more identity risks were elevated for this highly dangerous breach
“Evading the law is generally of low risk to most people, but it’s the third-highest risk for victims of the Guess breach.”
What actions must victims now prioritize to guard against the change to their risk profile?
- Set up two-factor authentication (2FA). This action can foil criminals trying to use exposed ID credentials to reset a supposedly ‘lost password’ in the victims’ name. When consumers do this, their financial providers win too, by experiencing lower fraud.
- Lock or freeze credit for those who don’t need to keep credit lines open or can manage opening them in the future.
- Set up credit monitoring, especially for those who can’t (or don’t wish to) freeze credit through all three bureaus. To be even more proactive, set up Identity Protection monitoring to keep an eye on personal information in public records, social media networks, the Dark Web, and people search sites.
- Notify the Department of Motor Vehicles (DMV or RMV). This lets state agencies flag records that other government employees of the risk profile assigned to the stolen IDs. In turn, this can potentially prevent identity crimes from occurring.
Breaches elevate risks of identity crimes, which totaled $56B in the U.S. alone last year. Guesswork only makes things worse on breach victims, yet identity holders have had no other option — until now.
Every new breach creates a unique pattern of identity risks—which in turn calls for equally unique action steps. New AI technology finally makes it possible to answer three questions for identity holders after they’ve been breached:
- How much risk do I face?
- What are those particular risks?
- What actions are most important to protect my finances?
It’s time to stop the guesswork! Learn how BreachIQ removes the one-size-fits-all approach to breach response, offering consumers personalized, recommended actions to protect themselves from further damage.
