So you’ve gotten swept up in yet another data breach. At least that’s what the notification you just received tells you. You know, the email that begins, “We take your privacy seriously.”
Breach notifications can leave victims feeling overwhelmed and confused. A tool built by the Identity Theft Resource Center is designed to make the experience, which is sadly inevitable, less stressful.
Breach Clarity analyzes publicly disclosed data breaches and gives concrete advice to victims based on the risks. It draws from a comprehensive database of breaches maintained by the resource center and applies an algorithm that weighs the risks.
“People want to know: This is actually what your risk is, and this is how you address it,” said Eva Velasquez, CEO of the Identity Theft Resource Center.
Breach Clarity is the latest consumer-focused service for helping users navigate the complex and disorienting reality of online life today. Everyone has been hacked, an old cybersecurity saw goes, it’s just a matter of whether or not you know it.
You can already find out if you’ve lost login credentials and other sensitive information by visiting Have I Been Pwned or Firefox Monitor. Breach Clarity takes things a step further by helping you decide what to do afterward. The growing number of these tools means consumers have more ability to respond to data breaches. So, you don’t have to sit around feeling angry and confused the next time you get a data breach notification.
It’s no easy task to decide how to respond to a data breach. Experts know that data breaches help criminals pull off identity theft and a host of other financial crimes. But it’s a challenge to predict what they’re likely to do with any given set of pilfered data.
To provide useful advice, Breach Clarity relies on an algorithm that analyzes the type of data stolen and predicts the kinds of crimes such data would make possible. The results can be surprising, said Jim Van Dyke, an independent data analytics expert, whose team created the algorithm.
For example, Home Depot offered free credit monitoring to victims of a 2014 breach in which hackers stole millions of credit card numbers. But credit monitoring is best as protection against identity thieves opening new lines of credit, which Van Dyke’s algorithm says wasn’t the biggest risk to the data breach victims.
Instead, criminals were more likely to try to make purchases with victims’ existing cards and bank accounts. To prevent this type of behavior, Breach Clarity recommends victims of the hack put alerts on their accounts and ask for their cards to be reissued.
The algorithm is meant to be dynamic, and Van Dyke and his team will update it as criminals change their modus operandi. Van Dyke figures out what changes are needed by interviewing experts in financial crime and incorporating new information into the algorithm. Eventually, he’d like to license a business-oriented version of the tool to financial institutions. The consumer version is free.
“If the thieves are going to leverage our data to harm us,” Velasquez said “We should be leveraging it just as much to try to stop that harm.”