FRONTLINEPRIVACY

There's a data breach affecting my department

For first responders and credentialed professionals: sworn officers, firefighters, EMS, nurses, federal agents. Your department, agency, hospital, union, or a vendor that holds your personal data has been breached. This is the action checklist for individuals: what to do regardless of what the institution does at the policy level.

Institution-side breach response can take weeks. Individual-side action can't wait. The data is already out; the question is who picks it up first. Breached data is what feeds the next pretext call to your spouse and the next broker page tied to your kids' address.

First 15 minutes

  1. Get the breach notice in writing.

    Email, intranet post, union bulletin, hospital memo, whatever the source is. Save it. You will need the exact wording for credit-bureau disputes and any federal complaint later.

  2. Confirm what fields were exposed.

    Name and SSN is a different problem than name, address, and home phone. The notice should say. If it does not, that is question one to the agency, employer, or vendor.

  3. Confirm whether your record was in scope.

    Not every breach hits every record. Some hit a date range, a unit, or a specific HRIS field. The agency, employer, or vendor should be able to tell you yes or no per individual.

Next 60 minutes

  1. Enroll in the offered credit monitoring.

    Take it — it is free and it is the floor. Just do not treat it as the ceiling. Monitoring tells you after a fraud attempt; it does not stop one.

  2. Call the three credit bureaus and freeze.

    Equifax, Experian, TransUnion. A freeze blocks any new account opening in your name. It is free, it takes ten minutes per bureau by phone, and you can lift it temporarily anytime you actually apply for credit.

  3. Lock down financial accounts.

    Two-factor authentication on every bank, card, and brokerage login. Replace any password that was reused across the breached account and a financial one. Use the bank's own app, not SMS, for 2FA where you can.

Today

  1. Pull a free credit report from each bureau.

    Annualcreditreport.com is the actual federal site — not the lookalikes. Establish a clean baseline today so anything new that shows up in 30, 60, 90 days is obviously not yours.

  2. Change passwords on anything tied to the work email.

    If the breach included your work email and any password hash, every account that reused either is exposed. Personal email, social, banking, the lot. Use a password manager.

  3. File an FTC identity-theft report.

    IdentityTheft.gov walks you through it. Even if no fraud has happened yet — having the report on file shortcuts every dispute later. Free, federal, takes about twenty minutes.

This week

  1. Run a free scan on the household.

    See the free scan. Breached data feeds broker pages within months — sometimes weeks. The scan tells you which broker sites currently carry your address and phone, and which ones to hit first.

  2. Start broker cleanup on yourself, spouse, and adult kids.

    Brokers link you to family on the same page. Closing your record without closing theirs leaves the back door wide open. DIY across the major brokers or run continuous coverage.

  3. For NJ residents, file Daniel's Law demands.

    See Daniel's Law. $1,000 per violation in statutory damages if a broker fails to remove within ten business days.

If it escalates

  1. Watch for targeted phishing.

    Breached data gets used to build convincing pretexts. Treat any email or text that uses your real rank, badge or employee number, or vendor name and asks you to click or log in as hostile until proven otherwise. Verify on a known channel before you act.

  2. Document any fraud attempts.

    New account opened in your name, unauthorized charge, suspicious tax filing. Police report and FTC report on each one. The paper trail is what unwinds the damage and supports any class action against the breached vendor.

  3. Push the union on legal recourse.

    Class actions against negligent vendors are routine after first-responder data breaches. Your union or association should already be looking; if they are not, ask. Settlement money is not the point — the discovery process is what forces the vendor to actually fix their security.

How we prevent it next time

  1. Continuous broker cleanup as the steady state.

    Breaches are not preventable on the individual side — vendors get hit, payroll systems get hit, unions and hospitals get hit. What you can prevent is the breach data settling on broker pages where anyone can find it. We re-check every two weeks across 200+ broker sites.

  2. Compartmentalize the work email.

    The work email should not be the login for your bank, your social, or your kid's school portal. Personal email for personal life. When the next institutional breach hits, the blast radius is contained.

  3. Keep the credit freeze on year-round.

    Lift it the few times a year you actually apply for credit. The rest of the time it is free, silent, and blocks the most common fraud vector cold.
