F-Secure ID PROTECTION

[Identity Theft Help] F-Secure ID Monitoring found a breach, what should I do?

Issue:

F-Secure ID Monitoring has found a breach, what should I do?

Resolution:

You can find advice on what to do on the F-Secure app itself:

Go to the F-Secure app and check what type of breach it involves.

Open F-Secure on your device

Select ID Monitoring

Tap the breach you want to view
See steps to take under the "What should I do now?" headline.

The recommendations are different based on the type of breach. Have a look into this short summary of what to do depending on which item of personal information was breached:

e-mail address: Change your password immediately on the target site. When you change your password, instead of thinking of a new password yourself and trying to remember or record it, take this opportunity to start using the password vault inside F-Secure ID PROTECTION. The password vault helps you create a strong unique password on each account, and remembers them and fills them into login pages for you [same for all “change password” advice cases]. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
phone number: If you detect a misuse of your phone number, contact your service provider. Remove your phone number from any services that do not require it. Change your password immediately. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
password: Change your password immediately, also for the platforms where it was reused. Verify that you still retain the ownership of the target account (or any accounts that used the same password) and your information has not been tampered with – for example, disconnect any connected devices that are not your own and check for and remove unexpected forwarding rules on email accounts. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
credit card details leaked (only type of card): Keep an eye on your accounts for unfamiliar transactions. Change your password immediately. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
any other information concerning the credit card type: contact your card issuer for specific guidance. Keep an eye on your accounts for unfamiliar transactions. Change your password immediately. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
bank account number leaked: Keep an eye on your account for unfamiliar transactions and contact your bank if you notice anything suspicious. Note that this is not a major issue, since not much harmful action can be performed with a bank account number. But please remain cautious about unsolicited calls or messages asking for personal information (smishing and vishing).
social security number: If you suspect your social security number is used as a part of a fraud, contact your local police to file a report. In Europe, Social Security Numbers are not used for e-Commerce Transactions. Please remain cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
date of birth: do not provide your birth date to services unless it is required by law. Change your password immediately. Please be cautious about unsolicited calls or messages asking for personal information (smishing and vishing)
passport details leaked: If the passport number is leaked, it is unlikely this will lead to identity theft. If your physical passport is stolen, file a police report immediately. Do not provide your passport details to services unless it is required by law. Contact your passport issuer for further instructions and discuss applying for a new passport.
physical address related info leaked: do not provide your address or location to services, unless it is necessary for the service to work or the law requires it. Note that this is not a major issue, since not much harmful action can be performed with an address. But please remain cautious about unsolicited calls or messages asking for personal information (smishing and vishing)

Different breach types. We have different types of breaches, especially if we don't know the exact site, we tweak the instruction. Still, the instructions depend on which PIIs are leaked:

Regular breach with a website address: Change your password immediately, also for the platforms where it was reused. Criminals will try your e-mail address and password combination on other services. Please be cautious about unsolicited calls or messages asking for personal information (phishing)
Regular breach without a website address:change your password immediately in every service which uses the passwords listed above. Please be cautious about unsolicited calls or messages asking for personal information (phishing)
Undisclosed Service (No source name or site address. Instructions depend what is leaked, but not directly actionable since the source is not visible) : This can be caused because the breach is part of a set of breaches. Therefore the origin is unknown. Data breaches of undisclosed services may also be under investigation by law enforcement, and revealing the name of the breached service at this moment would interfere with ongoing criminal investigations. We will update any such breach when source becomes publicly available. Please remain cautious about unsolicited calls or messages asking for personal information (phishing)

Article no: 000026993