Date: Thu, 28 Mar 2024 10:12:39 +0000 (UTC) Message-ID: <1798273076.6067.1711620759258@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6066_458994152.1711620759256" ------=_Part_6066_458994152.1711620759256 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Other Toolkit Sections
This template can be used to guide development of "frequently asked ques= tions" information to include as part of a notification letter, website or = other materials concerning a specific security incident. Answers to questio= ns in this template are examples only. They need to be adjusted fo= r the unique circumstances of the incident.
Individuals potentially affected by an incident will have varying levels= of computing knowledge - possibly none. It is, therefore, critical that ex= planations of the incident, the potential for impact on them, and steps the= y should take, if any, be communicated in clear and concise terms. Institut= ions should carefully consider the specific information these individuals w= ill want to know and address only those issues. Explanations should be shor= t, to the point, and free of technical jargon.
If a hotline is setup, the institution will need a mechanism for gatheri= ng the questions and answers being provided via the hotline so the online F= AQ is updated frequently and appropriately.
Example Answer: No. The (institution name)'s investigat= ion into this incident revealed that an unauthorized person gained control = of a computer containing a confidential file. It is possible the intruder's= intent was to either disrupt normal business or use the computer's process= ing power to launch similar attacks on other computers. He or she may not h= ave been aware the confidential file was stored on this computer. We do not= have sufficient evidence, however, that the file was not acquired. The (in= stitution name) has, therefore, taken the precautionary measure of distribu= ting an advisory to all individuals whose information was in the file, so t= hat they can take appropriate steps if concerned. Thus far, there have been= no reports of unauthorized use of personal information as a result of this= computer security breach.
Example Answer: The confidential file contained names, = addresses, birth dates, and social security numbers of individuals who subm= itted applications for admission to the (institution name/school) in 2004. = Current information indicates the unauthorized person gained control of the= computer from September 1, 2005 to September 8, 2005.
Example Answer: The computer involved in this incident = has been secured. The (institution name) is taking precautions to minimize = future security risks.
Example Answer: Individuals whose personal information = was involved in this incident can request a free initial (90 day) fraud ale= rt to be placed on their credit files by calling any one of the three major= national credit bureaus or completing an online form. Submit one online fo= rm request and all three agencies will add the fraud alert.
When contacting the Credit Reporting Agency, you should request the foll= owing:
1. Instruct them to flag your file with a fraud alert including a statem= ent that creditors should get your permission before opening any new accoun= ts in your name.
2. Ask them for copies of your credit report(s). (Credit bureaus= must give you a free copy of your report if it is inaccurate because of su= spected fraud.) Review your reports carefully to make sure no addi= tional fraudulent accounts have been opened in your name or unauthorized ch= anges made to your existing accounts. NOTE: In order to en= sure that you are issued free credit reports, we strongly encourage you to = contact the agency's DIRECT LINE (listed above) for reporting fraud= . We do not recommend that you order your credit report online.
3. You may want to ask about the option to freeze your credit. Forty-sev=
en states and the District of Columbia have enacted legislation allowing co=
nsumers to place "security freeze" on their credit reports. A consumer repo=
rt security freezes limits a consumer reporting agency from releasing a cre=
dit report or any information from the report without authorization from th=
e consumer. Check your state's information.
4. Be diligent in following up on your accounts. In the months following a=
n incident, order new copies of your reports to verify your corrections and=
changes, and to make sure no new fraudulent activity has occurred.
5. If you find that any accounts have been tampered with or opened fraudul=
ently, close them immediately. To ensure that you do not become responsible=
for any debts or charges, use the ID Theft Affidavit Form developed by the=
Federal Trade Commission to help make your case with creditors.
You may request a free annual credit report, 1 per year, from AnnualCred= itReport.com as recommended by the Federal Trade Com= mission.
Example Answer: In similar cases at other institutions,= people have reportedly been contacted by individuals claiming to represent= the University and who then proceed to ask for personal information, inclu= ding social security numbers and/or credit card information. Please be awar= e that (institution name) will only contact you about this incident if addi= tional helpful information becomes available. We will not ask for your full= Social Security number. We will not ask for credit card or bank informatio= n. We recommend that you do not release personal information in response to= any contacts of this nature that you have not initiated.
Example Answer: In order to answer any questions that y= ou may have regarding this incident a special phone line, (xxx) xxx-xxxx (t= oll free 1-888-xxx-xxxx), has been activated and will be monitored by the (= institution's name).
Questions or= comments? Contact us.
Except wher= e otherwise noted, this work is licensed under a Creative Commons Attributi= on-NonCommercial-ShareAlike 4.0 International License (= CC BY-NC-SA 4.0).