Customer’s Personally Identifiable Information (PII) is breached (not card holder data)!

Personally identifiable information (PII) is any information that could potentially identify a particular individual. A PII breach involves the compromise, access and/or disclosure of personally identifiable information by unauthorized persons using either physical or electronic means.

According to NIST Special Publication 800-122, PII is "any information about an individual maintained by an agency that

  • can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and
  • is linked or linkable to an individual, such as medical, educational, financial, and employment information."

PII may also include other information such as personal characteristics, religion, education information, financial information, criminal record, etc.

PII can be of different sensitivity levels. Sensitive PII is information which, if lost, compromised, or disclosed by unauthorized persons, could cause substantial harm, embarrassment, inconvenience, or unfairness to the affected individual.

Top Recovery Tips

1. Don’t Panic. Immediately isolate the compromised system(s) and preserve evidence.

When a PII compromise occurs or is suspected, it is imperative that you contain the damage quickly to protect other data and preserve evidence in case of a forensic investigation. Then work towards identifying the root cause of the incident. If required, call on third-party forensic and technical experts to help determine the source of the breach and the extent of the damage.
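Preserving evidence means being able to show later that the artifacts you collected have not changed since collection. The following Python script is an added example, not part of the original guide: it hashes every file in an evidence directory into a chain-of-custody manifest (path, size, SHA-256, UTC timestamp, collector) and re-verifies the files against that manifest afterwards. The directory layout, the `collector` label and the sample log and export files inside `demo()` are constructed for illustration.

```python
"""Chain-of-custody helper for collected breach evidence (added example).

build_manifest() records a SHA-256 digest for every file under an evidence
directory; verify_manifest() later reports any file that is missing or whose
digest no longer matches, which is what an investigator needs to show the
evidence was preserved intact.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images or logs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir, collector):
    """Walk evidence_dir and record path, size and SHA-256 of every file found."""
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            entries.append({
                "path": os.path.relpath(path, evidence_dir),
                "size": os.path.getsize(path),
                "sha256": sha256_file(path),
            })
    return {
        "collector": collector,  # who collected the evidence (hypothetical label)
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "files": entries,
    }


def write_manifest(manifest, manifest_path):
    """Store the manifest outside the evidence directory so it is not part of what it attests."""
    with open(manifest_path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2)


def verify_manifest(evidence_dir, manifest):
    """Return the relative paths that are missing or altered; an empty list means intact."""
    problems = []
    for entry in manifest["files"]:
        path = os.path.join(evidence_dir, entry["path"])
        if not os.path.isfile(path) or sha256_file(path) != entry["sha256"]:
            problems.append(entry["path"])
    return problems


def demo():
    """Run the workflow on constructed sample evidence and return what was observed."""
    with tempfile.TemporaryDirectory() as evidence_dir, tempfile.TemporaryDirectory() as case_dir:
        # Constructed sample artifacts standing in for collected logs and a data export.
        with open(os.path.join(evidence_dir, "auth.log"), "w", encoding="utf-8") as fh:
            fh.write("2024-01-01T00:00:00Z sshd: Accepted password for analyst\n")
        with open(os.path.join(evidence_dir, "export.csv"), "w", encoding="utf-8") as fh:
            fh.write("customer_id,email\n1,jane@example.test\n")

        manifest = build_manifest(evidence_dir, "IR analyst (constructed)")
        write_manifest(manifest, os.path.join(case_dir, "manifest.json"))
        intact_check = verify_manifest(evidence_dir, manifest)

        # Simulate a post-collection modification to show that verification catches it.
        with open(os.path.join(evidence_dir, "export.csv"), "a", encoding="utf-8") as fh:
            fh.write("2,john@example.test\n")
        tampered_check = verify_manifest(evidence_dir, manifest)

        return {
            "file_count": len(manifest["files"]),
            "before_tampering": intact_check,
            "after_tampering": tampered_check,
        }


if __name__ == "__main__":
    print(demo())
```

Keep the manifest (and ideally a signed copy of it) separate from the evidence it describes; hashing the manifest into itself would make the record circular.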

2. Report the incident to relevant authorities.

Once the damage is confirmed, notify the relevant authorities. Certain factors should be considered before reporting the incident in order to assess the likely risk of harm:

  • sensitivity of the information breached
  • number of affected individuals
  • probability that the information is accessible and usable; and
  • chances that the breach may lead to any harm

3. Find out if your country has laws outlining what an organization should do in the event of a PII breach, including specific requirements for notifying those impacted by the incident.

A PII breach may be the result of an insider breach. If you are concerned that the PII breach may have been caused by an insider, refer to the Insider Breach section.
