Benefit implementation headaches and how to avoid them
5 min
In this article, we’ll go over some of the critical steps you should instruct your clients to take if they are impacted by an external data breach, as well as how they can use their identity protection benefit to simplify the process of responding to a data breach.
In 2024, over 1,350,835,988 data breach notices were issued—a staggering number and 211 percent increase from 2023. And when a data breach impacts your business or clients, the fallout can be overwhelming.
Businesses that are the victim of a data breach not only need to figure out the scale of the breach, what data it involved, and how it will impact their employees or customers, but they may also face fines and reputational damage.
If you’re partnering with an employer, a data breach can feel overwhelming—but the most important thing you can do is to stay calm and take quick, thoughtful action to help protect your clients and their employees.
What is a data breach and what does it mean?
A data breach, in its simplest terms, is unauthorized access into one or more of a company’s databases.
It’s important to note that a breach doesn’t always mean that data was actually stolen. However, you still need to remain vigilant and take precautionary steps to reduce the likelihood of digital crimes like fraud and identity theft.
If your clients or employees experience a data breach, there are two important questions to consider:
What information was accessed? The information accessed could be usernames and passwords, Social Security numbers, address and phone numbers, personal records such as health and financial histories, credit card numbers, and more. The company will often know exactly which records were accessed based on what files or resources were breached. Sometimes, however, they’ll report that the extent of the breach was “unclear.” When this is the case, it’s best to assume that any information stored with that company has been stolen.
When did the breach occur? Reports and news stories about breaches often break well after a breach has taken place, so keeping an eye out for communications from the affected vendor is critical, as is noting the actual date when the breach occurred. It’s important to note that even if a breach occurred 24 months ago, the exposed information may not have been sold on the dark web yet. Worse yet, some identity thieves wait a long period of time before using breached data to commit fraud, so fraud could happen at any time.
5 steps to help your clients after being impacted by a data breach
Step 1. Keep an eye out for critical communications
All 50 states and US territories have established data breach laws to protect consumers, and these laws often require organizations to notify them when a data breach occurs. However, different states have different laws on when and how these communications are sent out.
This communication might contain important information about what was accessed, whether personal information was involved, and any steps they are taking to help those who were impacted to avoid any problems. If your client or their employees were impacted by a data breach, you should instruct them to keep an eye on their mailboxes or email inboxes for these communications. The details they include can be critical when it comes to taking the right steps and preventing further damage.
If your clients and their employees have an identity protection benefit and access to dark web monitoring, you should instruct them to sign into their identity protection provider and check if any of the information they’ve entered into the tool has been detected on the dark web.
Step 2. Place a fraud alert with the credit bureaus to flag your report as potentially compromised
This is a quick and easy safeguard that requires vendors to verify an individual’s identity before extending credit. If your client’s employees have had personally identifiable information (PII) exposed in a breach, having your clients pass along this tip to their employees can be critical for preventing identity theft before it starts. This information can be passed along via email communications, meetings, messages in a messaging app, or even as a company-wide memo.
The Federal Trade Commission offers a simple guide to placing a fraud alert. These fraud alerts will protect accounts for one year and can be extended another year if you choose to do so.
Step 3. Review bank and credit accounts for any alerts
If your client’s employees have access to an identity protection benefit, they can use several tools to determine if they are being targeted by identity thieves as a result of the data breach. By logging into their identity protection account, they can see a range of notifications that can alert them to potential fraud, including:
Credit monitoring and suspicious activity alerts
New account creation and credentialing alerts
High-risk financial transaction alerts (with any linked financial accounts they’ve added)
Step 4. Pull a credit report
Having your client instruct their employees to pull a credit report can help your client’s employes detect any suspicious activity and prevent further identity theft from occurring. Anyone can pull their report without penalty once a year from each of the three big credit bureaus. One of the simplest ways to do this is to go to each bureau’s website:
Your client and their employees can also use their identity protection benefit to pull a credit report from the three credit bureaus or even use it to monitor their credit score for any unusual changes following a data breach.
Step 5. If you used a password with the breached company, change it
Thieves often take advantage of people who wait before taking necessary precautions like changing a password. If your clients or their employees use the same or a similar password on other accounts, they should change those as well. Whenever possible, they should activate two-factor authentication on their accounts—which add an extra security measure beyond a password—to help prevent possible theft after a breach.
However, it can be difficult to come up with passwords that meet security requirements—and even harder to remember them. Using a password manager, which is often accessible through an identity protection benefit, can help employees not only generate security-compliant passwords, but also store and remember them while protecting them from hacking attempts.
How Allstate Identity Protection can protect your clients and employees after a data breach
In the event of a data breach, there are many ways in which Allstate Identity Protection can help prevent further damage, including:
Monitoring for PII on the dark web: By monitoring for PII on the dark web and alerting members when its discovered, members can change their credentials and reduce the risk of them being used in a hacking attempt
Credit and financial account monitoring: With credit and financial account monitoring, members can easily detect fraudulent or suspicious activity and prevent further damage to their credit and potential financial losses
Full-service identity restoration: In the event that identity theft does occur, our certified team of experts will handle the identity restoration process from start to finish, saving members countless hours and reducing the significant stress that is associated with an identity theft incident
To learn more about how an identity protection benefit can help protect client and employee data and help them recover in the event of a data breach, reach out to our team.