Data Breach Resources

Resources for Individuals Affected by a Data Breach

First Steps

If you receive notice that your personal information was involved in a data breach, consider taking these two important steps:

1. Place a fraud alert and security freeze on your credit reports.

You can a place a fraud alert with one phone call to one of the three major credit bureaus. This will prevent cyber criminals from opening additional accounts in your name. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will automatically be notified to place fraud alerts, and all three will send you credit reports free of charge. Review the reports carefully for accounts you did not open, debts you cannot explain, or inaccurate information.

Visit our Credit Freeze & Fraud Alerts page for more information on how to place an alert or freeze.

1. Monitor your financial accounts, billing statement and credit reports for any suspicious activity.

You may request a free annual credit report from each of the major nationwide credit bureaus at www.annualcreditreport.com or call 1-877-322-8228.

Mitigating Identity Theft

Our office has information to help you mitigate your risk of identity theft. Much of this information also applies to mitigating your risk of a data breach. View our Protecting Personal Information Page for more information.

Additionally, if you receive notice that your data was exposed in a data breach, and you suspect your identity may have been stolen as a result, consider consulting the AGO’s guide on recovering from identity theft.

You can also report your situation directly to the Federal Trade Commission (FTC) online at identitytheft.gov. This website will record your report and offers tools to help you develop and execute a personal recovery plan.

Additionally, you can report your situation to your local police department and ask businesses to provide you with information about suspicious transactions made in your name. Download a template letter you can complete and send to businesses to request records.

Resources for Businesses and Agencies

Any organization entrusted with individuals’ information is potentially susceptible to a data breach. The Attorney General’s Office provides the following resources to help inform businesses on steps to secure the data they hold and protect it from being breached.

For additional information on data breach notification laws and requirements, visit our page on Washington’s Data breach and Notification Laws.

Protecting Consumers’ Data

Below are basic steps for businesses to protect consumers’ personal information:

• Understand your business’ needs and how they relate to data security. This includes knowing what information you collect about consumers or clients, and knowing what information you retain and how it is retained.
• Consider identifying if the data you hold is subject to the definition of personal information under RCW 19.255.
• Minimize the amount of information that you collect and retain. Collect only information necessary to meet your business needs. Delete any information that is no longer necessary. Consider reviewing RCW 19.215, “Disposal of Personal Information” for more details.
• Develop policies for the collection, encryption, and use of personal information.
• Create and implement an information security plan, including an action plan for steps to take in the event of a data breach. This could include developing a dedicated Incident Response Team, or implementing automated security technologies to detect attempted breaches.

External Resources

• FTC’s “Protecting Personal Information: A Guide for Business”
  • This guide provides more in-depth information on the basic steps outlined above for protecting consumers’ data.
• FTC’s “Data Breach Response: A Guide for Business”
  • This guide provides critical information detailing what a business should do upon learning that their data security systems have been breached.
• FTC’s “Privacy and Security” webpage
  • This webpage provides valuable information about existing Federal data privacy laws, including additional resources for businesses.
• Better Business Bureau’s Cybersecurity HQ
  • This webpage contains business education resources for small and midsize businesses to help them manage cybersecurity risks and learn about best practices.
• Internet Crime Complaint Center (IC3)
  • Internet Crime Complaint Center is the nation’s central hub for reporting cybercrime. It also provides resources, such as industry alerts, to help keep businesses aware of recent cybercrime trends.
• Cybersecurity & Infrastructure Security Agency’s “I’ve Been Hit By Ransomware!” guide
  • This guide provides step-by-step instructions for businesses to take after being hit with a ransomware attack.
• Cyber Readiness Institute’s Ransomware Playbook
  • This guide provides businesses with information on how to prepare for, respond to, and recover from ransomware attacks.