What to do if your personal data has been stolen

Sheriff’s Office has suggestions for those who think they’ve been victimized

Posted

Attacks on personal data have intensified worldwide amid the coronavirus pandemic, and Chatham is no exception.

Especially since the cyberattack on Oct. 28 — a network infiltration which blindsided the county government’s computer infrastructure and exposed scores of employees, former employees and residents to potential fraud — Chathamites are concerned about their information’s security.

A News + Record investigation into the extent of Chatham’s breach revealed more than 14,000 stolen documents had been posted online by a criminal threat actor after a failed ransomware demand of 50 bitcoin (worth about $708,000 at the time of the incident). Some of those files contained sensitive personal information including statements provided by Chatham County children who were victims of sexual abuse, performance evaluations and healthcare documents of current and former county employees and folders of files from criminal investigations labeled “closed” and “open.”

Social Security numbers were included in hundreds of files.

There’s some good news, though — if your information was included among the publicized files, county officials have probably already reached out to advise you.

“After being alerted to the data breach, our staff worked tirelessly to verify the tip as well as the authenticity of the posted documents,” Sheriff Mike Roberson told the News + Record. “This process allowed us to identify the victims and confirm types of data exposed. Next, we set out to notify those victims of the breach and guide them toward available resources. All victims identified in our review of the stolen Sheriff’s Office data were notified within 24 hours of confirming the contents of the appropriated files.”

Chatham County government has also been informing its other staff members.

“On February 8th, the County discovered that the cyber actor(s) responsible for the October 2020 ransomware event against the County released certain data acquired by the cyber actor(s) from the County’s servers,” said County Manager Dan LaMontagne in a press release last week. “The County’s investigation of this event remains ongoing. This includes efforts to identify and notify every individual whose personal information may have been impacted.”

The “cyber actor” was an international group of criminals known as DoppelPaymer. The organization is thought to operate out of Russia and has conducted attacks such as the one on Chatham in at least 43 countries worldwide and on a number of other municipalities and entities in North Carolina.

The group is one of several major players in the cybercrime world. It operates according to a standard modus operandi: breach government or organization networks using time-tested infiltration methods (a phishing email message, as was the case in Chatham), then demand ransom money in exchange for access to locked data. When victims refuse to pay — the recommended practice according to most cybercrime experts — DoppelPaymer starts releasing stolen information publicly online.

So far, there have been at least two sets of Chatham County data posted online following Oct. 28, but it’s unclear whether the files DoppelPaymer released constitute the entirety of its stolen cache. Cybercriminal groups are know to release information in waves as “punishment” when ransom demands go unheeded.

For example, the first of Chatham’s stolen data was posted online on Nov. 4. The files were mostly innocuous — they were posted only to demonstrate that DoppelPaymer had successfully breached the county’s network, according to cybersecurity experts who have followed this and other cases.

Almost three months later, though, after Chatham had refused to pay the 50 bitcoin ransom, DoppelPaymer uploaded a second round of data files. This time the information was more sensitive and compromising.

The county’s cyber attack is not the only reason Chathamites might fear for the security of their personal information, though. Nationwide, network hacks and information scams have proliferated since the pandemic began a year ago.

“Uncertainty around the coronavirus pandemic has created more opportunities for robocallers, hackers and other thieves,” a recent New York Times report said.

With more people relying on remote communication than ever before, the pandemic has inadvertently fostered a fraudster’s wonderland. Workers are conducting sensitive business from insecure home networks. Record numbers are filing for unemployment and waiting on correspondence from government officials and other authorities. Traditional, in-person shoppers are turning to internet vendors and may volunteer information to any of thousands of fraudulent websites that have emerged in recent months.

The opportunities to accidentally forfeit personal information can seem endless. So what should you do if you suspect your information may have been stolen?

When you think your data has been stolen

First, create a recovery plan.

“If this is someone’s first experience with identity theft and they are unsure where to begin, we recommend visiting www.identitytheft.gov to develop a recovery plan and put it into action,” Lieutenant Sara Pack of the Chatham County Sheriff’s Office told the News + Record. “This site is a one-stop resource and is especially helpful since it breaks down actions you can take immediately after you realize your data may have been compromised, then steps you can take to begin repairing any damage done, followed by additional routes you may need to take based on your specific identity theft situation.”
Pack said the site was developed by experts with many years of experience in dealing with fraud.

“ ... So it really helps take the guesswork out of the entire process,” she said.

If you confirm that personal information was stolen, or even if you have strong suspicion that your identify could be compromised, the next step is to freeze your credit — “so that no one, including you, can open a new credit card, take out a mortgage or buy a car without going online to unfreeze your credit accounts before they are used,” Pack said.

Freezing your credit will effectively stifle any illegal activity, but don’t rush to this step, she said, unless you’re sure it’s necessary.

“While this approach is safe, it can also be inconvenient if you’re in the process of buying a home or a car, for example,” Pack said. “Credit freezes, unlike fraud alerts, must be placed directly with each of the three credit major bureaus (Equifax, Experian and TransUnion). This might also be a useful tool to ensure that credit for minor children is not used unlawfully.”

What if you’re not so sure?

“It’s important to review your financial accounts and free credit reports regularly to check for any suspicious or unauthorized activity,” Pack said.

If freezing your credit seems too extreme for your circumstances, employing a credit monitoring service might be your better bet.

“Another option is to sign up for a ‘credit monitoring’ service that will let you know any time a hard pull is initiated on your credit accounts — the types of pulls that are used to evaluate new applications for credit,” Pack said. “There are a lot of services that provide free credit monitoring, such as Credit Karma, which can send alerts to you within seconds of someone applying for new credit.”

Don’t wait until it’s too late

It’s better practice to act conservatively when there’s any suspicion of identity theft than to wait for clear signs of trouble.

“It’s important to remember that one does not have to be a victim of identity theft to use these services, many of which are completely free,” Pack said. “... Educate yourself in advance by visiting the following sites to learn more about the warning signs of identity theft and ways to protect yourself and your personal information at home, at work, and online.”

Reporter D. Lars Dolder can be reached at dldolder@chathamnr.com and on Twitter @dldolder.

To learn more about the warning signs of identity theft: