As part of the tru Independence platform, your company email domain and address are continuously monitored on the Darkweb for data breaches or security incidents.

You can also opt-in to monitor any and all personal email addresses using the same service. Any notifications about breaches to company or personal email addresses will be sent monthly via an emailed report.

If your address is surfaced in a breach, please read on for some best practices for mitigation and remediation.

If your email address or other Personally Identifiable Information (PII) is stolen or otherwise involved in a data breach.

1. Change your Password

Regardless of whether login credentials were included in a breach, it’s usually best to change your password. Companies often provide details about how passwords were encrypted, salted, or hashed, but these concepts are complicated, and it can be confusing trying to ascertain how significant the threat is.

Typically it’s best to assume the worst and change your password after a breach.

If you reuse a password, data breaches can give hackers access to every site you use that password on. For example, if your password is “1234passwordpro” on both Amazon and Target.com, and Target.com gets hacked, someone may try a technique called “credential stuffing” to find other sites you’ve used that password on. Eventually, they’ll try it on Amazon, and then you’ll have two compromised accounts.

2. Enable 2FA / MFA

Wherever possible, you should enable 2FA (2 Factor Authentication) / MFA (Multi Factor Authentication) - 2 names for essentially the same thing. https://2fa.directory/ keeps a good list of sites that support MFA.

Typically, there are multiple options for receiving the "2nd factor". SMS and App based codes are the most common and convenient. Of these two, the App based method is generally preferred as if your cell number is exposed as part of a breach, it can be spoofed and used to compromise your account.

Popular MFA apps are Google Authenticator or Microsoft Authenticator (both available on your devices App Store). 

Also consider using a Password Manager. Workplace does a great job of keeping your every day work website credentials safe and secure but consider a 3rd party tool like 1Password, LastPass or Keeper to manage your personal life credentials. These allow you to create unique, complex passwords for each site you login to and also can most of the time serve as the MFA component to your logins

3. What to do if financial information has been exposed

Place a fraud alert with a national credit reporting agency – contacting one of the three credit
reporting agencies reduces the risk of accounts being opened in your name without your authorization.

Place the alert by calling either Equifax (800) 685‐1111, Experian (888) 397‐3742, or TransUnion (888)
909‐8872. If you place the alert with one agency, they will notify the other two for you. A fraud alert also
affords the right to a free credit report from each credit reporting agency.

Consider placing a credit freeze on your credit report – This will prevent new accounts from being
opened in your name. You can place a credit freeze by calling the three credit agencies at the phone
numbers listed above.

Check your financial accounts – close any accounts that were opened without your permission, and
close any of your existing accounts that have seen unauthorized activity.

Secure your proof of identity and file a complaint with the Federal Trade Commission – expect that
you will be required to complete and submit an affidavit and provide proof of your identity. The Federal Trade Commission’s ID Theft Affidavit is widely accepted and can be downloaded at https://www.identitytheft.gov/

File a police report – the police may only take the report as a courtesy and not pursue the matter. However, this step is still helpful to you because you will need proof you reported the matter to police.

Keep records of your actions – Log the steps you take to address the situation. Include numbers called, names of people you talked to, dates of calls, faxes, and mailings. Keep copies of all correspondence, affidavits, reports, etc.

Do not ignore the activity – you must take action to prove you are a victim and that you are not
the party responsible for the suspicious activity in question

4. Let us know!

Report the issue to tru HERE so we can give your devices a full checkup and make sure they all have a clean bill of health.