Frequently Asked Questions
How does Breach Clarity work?
The simplest explanation is this: when data breaches are reported, Breach Clarity’s strategic non-profit partner ITRC takes publicly available breach data–and that’s usually the list of specific exposed credentials (such as your date of birth, SSN, or certain payment card digits)–so it can be read by Breach Clarity’s patent-pending algorithms. Through years of experience working with professionals on the front lines of fighting fraud, we’ve essentially created algorithms that can represent the logic that might say (for instance) “SSNs are essential for getting a tax refund or opening a new bank account, but not much for making an online purchase with a payment card”. Breach Clarity’s patent-pending algorithms are intended to get even more precise and capable as we form more industry partnerships.
Why aren’t the Breach Clarity results computed differently for different victims of the same data breach?
Companies that suffer breaches generally maintain structured database formats for consumer records including credentials (such as an SSN, address, or payment information) with consistency designed to realize peak efficiency levels. Once a breach occurs, companies conduct analysis to determine what specific database elements were exposed, and then report this publicly in accordance with state and federal regulations. While no two people are ever the same in anything they do, it remains true that credentials exposed from any one breach create a predictable pattern of how overall identity fraud risk is increased as a result of any particular breach.
I’ve been breached multiple times, so how is that taken into account?
Unfortunately, breaches are an ongoing epidemic. But don’t let that cause you to become apathetic, or get a false sense of security. Breach Clarity exists to provide clear, honest, and action-focused starting assessments of what any breach means to identity safety (with the intention that many will reach out to the ITRC for further help). In the future, we hope to allow people to see the aggregated result of multiple data compromises, and this is likely among the many features that will only be provided in a premium version of Breach Clarity offered by financial institutions, employers, and other trusted organizations. For now, feel free to enter many breaches separately in our database and consider all the outputs in aggregate, but do not assume that all breaches expose data to all potential identity criminals, because that’s just not how things work.
How can I get even more information out of Breach Clarity? You’re only listing a couple of things that can go wrong, and a few action steps I can take.
This initial launch of Breach Clarity is our first step on a very significant path, allowing us to follow the wise proverb of “walk before you run”. Because lots of time and money have been invested in creating this free version of Breach Clarity, we are likely to make the more extensive outputs available to consumers only through trusted providers that license a future premium version, such as banks or employers. Since banks and other companies often pay the majority of costs when a data breach creates identity theft, we think there’s a great business model in having them license it for their customers to access.
There are so many organizations offering advice about data breaches and identity theft. How do I consider yours, in comparison to all the others out there?
Breach Clarity is the creation of the founder of a research company (Javelin Strategy & Research) that provides more research on identity fraud than anyone, and their research has been cited by the Federal Trade Commission, FDIC, Federal Reserve, U.S. Congress, major banks or credit unions, credit reporting agencies, and more. Breach Clarity’s founder currently serves on the board of the Identity Theft Resource Center, which, as Breach Clarity’s strategic launch partner, is the best source of data on data breaches, their relationship to identity crimes, and also the preeminent source of free advice for consumer victims of breaches and fraud. Still, there are countless opinions and assessments about both data breaches and identity theft or fraud–some being great and others not so much–which is exactly why Breach Clarity was created. Breach Clarity’s extensive algorithms are designed to represent the best experience and wisdom of true experts, and grow in that capacity as we add more partnerships. We aim to give consumers and professionals a single, simple, and action-oriented method that improves safety, while steering people away from the questionable sources that might declare far too many breaches to be “the worst ever”, or give people nonsensical and self-serving advice.
With so many breaches continually occurring in the news, isn’t our data all already out there?
No! Do not buy into this dangerous and fatalistic myth. While many people report being breached at least once, breaches expose different personal data credentials (for instance, Breach Clarity’s algorithm considers over 50 categories of data credentials), and it’s simply not true that any one breach will expose personal data to all would-be identity criminals. Every new breach affects an identity-holder’s safety. While data breaches will continue to make the news, the price of private data on the dark web (the portion of the Internet where identity records are bought and sold) proves that identity criminals desperately seek more new personal information from which to commit damaging crimes. Further, researchers continue to find that those who are victimized by more data breaches realize identity fraud at a higher rate, which again proves that each new breach represents more risk. Criminals have financial incentive to protect the value of the personal data they obtained by not openly sharing with others, so never assume the worst and stay active in your own safety!
My financial provider advertises a zero-liability policy for my credit card, so what do I have to worry about?
It’s good that most financial providers are willing to cover losses, and yet you still need to stay vigilant. Even with credit cards, the average victim reports out-of-pocket costs around $40, sometimes due to more extreme cases where the perpetrator turns out to be a so-called friend that the victim isn’t willing to press charges against, or challenges in documenting everything. Data has shown that practices such as earlier detection are correlated with lower out-of-pocket costs, so consider our recommendations as the best way to work hand-in-hand with your bank or credit union.
How do you keep your recommendations free of commercial influence?
The Breach Clarity algorithm was developed independently, drawing on founder Jim Van Dyke’s experience as a researcher in digital finance and identity safety, and designed to be updated based on interviews with the companies who will share in the identity-holder’s loss if they were to be victimized. While commercial relationships will hopefully grow as Breach Clarity increases in use (I have significant bills to pay after years of developing Breach Clarity), the primary paying customers are those who share a financial interest in protecting individuals (such as banks, credit unions, or large employers).
I received a data breach notification letter that says I essentially have nothing to worry about, and I have $1,000,000 in insurance coverage in case something actually does happen. So why are you telling me something different?
No one is telling you to be worried; rather, we’re advising breach victims to be smart and take appropriate action. Breach Clarity is designed to help you know exactly what to do to minimize your risks, so you can put your concern to productive use. While no one is ever able to assure complete protection from identity theft or fraud, we advise that you keep your primary focus on minimizing the risk of identity crimes in the first place, with the goal of hopefully never needing to file an insurance claim.
A breach I was in scored the lowest possible Breach Clarity score. Do I need to do anything?
If you were breached, you owe it to yourself to take action–every time! Breach Clarity exists to help you anticipate the most likely repercussions of a breach, and then take the likely highest-payoff actions (rather than avoid taking any action at all). Breach Clarity rates no breach lower than 2, because of our view that if a breach was bad enough to cause an organization to report it publicly, it’s bad enough to warrant cautionary consumer action.
Security and fraud protection seem so confusing and complicated! Why should I believe that my actions can make a meaningful difference in my safety?
Breach Clarity was created precisely to clear up unnecessary confusion; that’s why the outputs are presented in a no-nonsense way (with an appreciative nod to my friends at Comrade Agency/CI&T for donating their outstanding design expertise). As an example of the common confusion Breach Clarity seeks to clear up, people sometimes put their primary focus on credit monitoring after a breach of only payment card data. The risks and actions recommended by Breach Clarity are similar to having a doctor first make an educated diagnosis, and only then prescribe the likely most effective methods of treatment. For added help, don’t hesitate to reach out directly to the helpful experts at the ITRC using the button at the upper right.
How can I know for certain that all the types of listed credentials were exposed for me?
For efficiency purposes, nearly all organizations store identity-holder data in structured databases, which in turn generally allows them to use security-monitoring software (sometimes referred to as ‘forensics’) to determine what criminals likely accessed for nearly every victim. While there are exceptions, these are generally rare. Breach Clarity was created to clear up today’s widespread guesswork and confusion, by applying our algorithms to the credentials that companies publicly reported as being exposed. If you’re still not sure what to do after using Breach Clarity, call our non-profit partner, the Identity Theft Resource Center, and their experts will help you at no charge.
How does Breach Clarity make money?
Breach Clarity is currently self-funded by industry research veteran Jim Van Dyke, on the belief that enabling it as a breakthrough method of protecting consumers will make future profitability possible. The goal is to keep the basic version of Breach Clarity free by eventually accepting a limited amount of advertising or sponsorship, and then create a premium Breach Clarity version that people can access securely from their financial institution, employer, or other trusted organization. If you know someone who wants to talk business, contact us.