With personal data becoming increasingly valuable to bad actors, data breaches are unfortunately becoming a regular occurrence. The situation is particularly alarming at a time when cybercriminals are arming themselves with more sophisticated technology.
Exhibit A is the recent theft of personal records belonging to 2.9 billion people from National Public Data. We’ll get into the details in a moment, but first let’s note that property managers are in a unique position to help residents respond to breaches, particularly when residents’ confidential information may have been exposed.
As a property manager, knowing how to guide your residents through using identity protection services can make a big difference in minimizing the damage resulting from the breach.
In today’s blog, we will cover:
Data breaches occur when unauthorized persons or organizations gain access to sensitive personal information. A recent breach involving the hacking group USDoD targeted National Public Data, exposing the personal records of 2.9 billion people.
This massive breach serves as a wake-up call for property managers and property management companies, as sensitive information such as names, addresses, contact information, Social Security numbers, driver’s license numbers, passport numbers, and financial records can be used by criminals to commit identity theft, fraud, and other crimes.
Even more alarming, stolen data can include biometric data, healthcare and medical information, and financial account information (such as debit card numbers and bank account numbers). In short, any and all computerized data comprising of all types of personal information can be breached.
The costs of data security breaches associated with personally identifiable information add up pretty quickly. In fact, recent years have seen a spike in the costs associated with cybercrime, likely because more and more organizations and financial institutions are opting to conduct high-value business transactions online (see image below).
Unfortunately, despite consumer protection and data privacy legislation, civil penalties, and law enforcement’s best efforts, criminal investigations are often hampered by jurisdictional issues, as cybercriminals don’t respect international borders!
For property managers, this type of cybersecurity breach is especially concerning because of the vast amount of personal information they collect and store about their residents.
The thing is, data breaches like this don’t just affect the residents directly. They can also lead to a breakdown of trust between residents and property managers. Being prepared to act quickly and effectively in the wake of a breach is essential to mitigating the damage and helping residents protect their identities.
If you manage properties that involve storing confidential resident information, it’s crucial to determine whether your company was affected by a breach. Here’s how you can figure that out:
Start by verifying whether your property management company was impacted by unauthorized access to information. This means reaching out to the breached organization directly (in this case, National Public Data) for more information and confirming whether any of your residents are among the affected individuals.
Beware of phishing attempts. Cybercriminals might try to trick you into believing your company has been affected when it hasn’t. Scammers may pose as the breached organization, sending fake notifications via email or phone. Always double-check the validity of any such communications. These often include unfamiliar email addresses, spelling and grammatical errors, and links to unknown URLs.
In some cases, residents may contact you directly after receiving notifications about the breach. Make sure you have accurate, verified information to provide them, ensuring they don’t fall prey to scammers who may exploit the situation further. Above all, stay calm and be patient when communicating with residents.
Once you’ve confirmed a breach, the next step is figuring out what type of information was stolen. Was it just email addresses, telephone numbers, and names, or were more sensitive details exposed, like Social Security numbers, identification card numbers, credit card information, health information, or home addresses? The more you know about the nature of the breach, the better you can help your residents respond appropriately.
For example, if a breach only involved email addresses, the threat might be lower than if Social Security numbers were leaked. However, if highly sensitive data is exposed, residents will need to take more substantial steps to protect themselves.
Once you’ve received a security breach notification indicating that your property management company and residents have been affected by a breach, you’ll need to notify your residents immediately and offer them guidance on what to do next.
Here are the essential information security steps you can recommend:
Encourage residents to change all passwords and personal identification numbers (PINs) associated with their accounts, especially if they use the same credentials across multiple platforms. It’s also a good idea to recommend a password manager to help them create and manage secure passwords. However, be cautious in suggesting a password manager—only recommend ones with a solid track record and no history of breaches themselves.
Additionally, advise residents to enable two-factor authentication (2FA) on all accounts that offer it. This extra layer of security requires a second form of identification (like a text message or authentication app) that provides an access code in addition to a password, making it more difficult for hackers to access their accounts.
Data brokers are companies that collect and sell personal information and data elements, often without individuals being fully aware of it. This information can include everything from names and addresses to purchasing habits and online behaviors. Unfortunately, during a data breach, the information collected by these brokers can be exploited by hackers, making it easier for criminals to commit unauthorized acquisition of data – and subsequently, fraud.
Encourage residents to take the next step of removing their personal information from these brokers' databases. Several online services allow individuals to opt out of data broker lists, but it often requires a proactive approach. Residents may need to contact these brokers directly or use opt-out services such as OptOutPrescreen.com or Do Not Call lists to ensure their data is no longer being distributed. While this process can be time-consuming, it adds another layer of protection, reducing the amount of personal information circulating online and making it harder for hackers to misuse.
Another important step residents should take is freezing or locking their credit. This prevents scammers from opening new accounts in their names. Freezing credit involves contacting the three major credit monitoring services—Experian, Equifax, and TransUnion—and requesting that their credit be locked. This way, even if a hacker has stolen their personal information, they won’t be able to take out loans or apply for credit cards using that information.
Additionally, residents can initiate a fraud alert with credit reporting agencies, to warn creditors that their information may have been stolen.
Another important step in minimizing the risk of identity theft is deleting old, unused online accounts. These accounts, often forgotten, can contain sensitive personal information that hackers can exploit in the event of a data breach. Residents may have accounts from years ago with shopping sites, social media platforms, or other services that still store their data.
Encourage residents to review and close any accounts they don’t use anymore. They can start by checking for accounts tied to old email addresses, searching for accounts that use their email or phone number, or even using tools like Mine, which can help locate inactive accounts.
By eliminating these forgotten accounts, residents reduce the number of potential entry points for hackers and strengthen their overall security. It’s a simple but highly effective way to protect personal data and limit exposure to future breaches.
Remind residents to closely monitor their financial and online accounts for any signs of suspicious activity. This includes regularly checking credit reports, bank statements, and any unfamiliar credit inquiries or new accounts. Any strange emails, phone calls, or texts asking for sensitive information should be treated with caution.
If any fraudulent activity is detected, advise residents to file an identity theft report with the Federal Trade Commission (FTC) through IdentityTheft.gov. This will allow them to take immediate action to stop any further damage to their personal information.
While dealing with a breach is stressful, there are steps that both property managers and residents can take to reduce the chances of a breach happening again. One of the most effective ways to do this is by using a trusted identity protection service like Aura, in addition to a Resident Benefits Package. Aura is Second Nature’s partner in providing residents with comprehensive protection.
Aura offers an extensive suite of identity protection services that can help property managers and residents stay ahead of potential breaches. Some of the services provided by Aura include:
By offering a service like Aura as part of your property management’s Resident Benefits Package, you can give your residents the protection they need to safeguard their identities and personal information.
Helping residents protect their personal information is a responsibility that property managers must take seriously, especially in the wake of recent data breaches. Aura, a trusted identity protection service, offers a solution to the growing problem of identity theft, providing both residents and property managers with peace of mind.
For property managers, incorporating Aura into your Resident Benefits Package is a practical and effective way to improve the overall resident experience while ensuring that their data is protected. Aura offers identity theft insurance of up to $1,000,000, making it an attractive option for residents looking to protect themselves from fraud. Its 14-day free trial is an easy way to see if the service is right for you.
By being proactive and offering these services, you not only reduce the potential damage of a breach but also build stronger relationships with your residents, giving them the tools they need to safeguard their information for the long term. Learn more about how you can improve the resident experience through Second Nature’s Resident Benefits Package.