Nebraska
Table of Contents
- Identity Theft Statistics
- Top Ten Report Categories
- Top Identity Theft Types
- Fraud & Other Reports by Metropolitan Area
- Nebraska’s Recent Biggest Data Breaches
- What Should You Do if You Are in a Breach?
- Step-by-Step Process for Responding to a Data Breach
- Responsibilities of Companies that Have Been Breached
- Laws
- Resources
Data breaches occur when an unauthorized actor accesses and steals information from an entity that handles personal information. The problem is becoming increasingly common as cyber threats infiltrate every area of daily life. In Nebraska, the threat level is lower than the average per victim affected, considering it ranked 43rd in 2023. The total losses accrued in the same year were $40,581,244. Most of the targeted areas in the state are in the healthcare and educational sectors. The attacks focused on email hacks, denial of service, phishing, malware, and identity theft.
Identity Theft Statistics
Reports
Reports
Losses
Top Ten Report Categories
Top Identity Theft Types
Nebraska's Recent Biggest Data Breaches
Nebraska Supreme Court Hack
The Nebraska Judicial Branch's intranet was hacked in June 2023. Anti-government group SiegedSec took credit for the attack and indicated they were targeting states that had passed laws limiting gender-affirming care. However, Corey Steel, the State Court Administrator, declared there was no compromise of sensitive information. The Judicial Branch reviewed the intranet logs to ascertain the nature and scope of the attack. Steel indicated that they are continuing to investigate to assess the extent of the breach and strengthen security. However, they did not state the types of information accessed or the number of people affected.
Orthonebraska Data Leak
In December 2021, OrthoNebraska discovered that spam messages were sent from what was thought to be a company email account. Their security teams immediately moved to secure the account and did a password reset. Following the investigation, it became apparent that an unauthorized party accessed the email accounts and stole some personal information. Some information obtained included names, addresses, driver's licenses, Social Security numbers, credit cards, lab test results, and prescription information. In June 2022, OrthoNebraska posted a substitute notice on its website and also sent out letters to all who were affected due to the breach. OrthoNebraska offered free credit monitoring and identity theft protection to all affected. However, individuals had to do it within 90 days of receiving their letter from the company.
Sandhills Global Data breach
In October 2021, Sandhills Global was breached during a ransomware attack. The organization deals with websites and trade magazines within the agricultural, aerospace, heavy machinery, and transportation sectors. The company provided a statement claiming their operations had been shut down and cybersecurity experts were brought in so they could help with the investigation. They did not discover any evidence that consumer information was compromised, though. Sandhills maintained that those affected could access complimentary credit monitoring and issued notification letters to everyone affected.
Nebraska Medicine Data Breach
In the fall of 2021, Nebraska Medicine became the victim of a ransomware attack that compromised the information of an estimated 219,000 patients. It was presumed that a ransomware attack was the cause of the incident, considering servers, networks, and patient records were not accessible at the time. The compromised information varied according to the patients, but most types were related to names, birth dates, health insurance data, medical records, and physician notes. Some Social Security numbers were affected by the incident as well. Since then Nebraska Medicine has implemented network monitoring and issued notifications to all affected individuals.
Nebraska University Data Breach
In May 2012, a university staff member determined the existence of a data breach involving 654,000 records within the Nebraska Student Information System database. There was no direct evidence, though, that information was downloaded, and no subsequent reports of identity theft came from the breach. The initial investigation revealed that addresses, course grades, Social Security numbers, and other details were exposed. Personal and financial information belonging to parents was also revealed. The University initiated a telephone service center to assist students, parents, and other alumni whose data was at risk.
What Should You Do if You Are in a Breach?
Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.
Unfamiliar
Credit Card Charges
If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.
Calls from
Debt Collectors
Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.
New Credit Cards
or Loans in Your Name
A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.
Surprise Credit
Score Drops
Sudden credit drops with no obvious cause are a sign of suspicious activities.
Unusual Activity on Your
Social Security Account
The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.
Inability to
Sign-in to Accounts
If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.
Step-by-Step Process for Responding to a Data Breach
Contact Local Law Enforcement
As an individual or a business, report the incident to the police and file a police report.
Assess and Secure Compromised Areas
Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.
Contain the Breach
Isolate the affected system to prevent further damage.
Create New, Strong Passwords for All Accounts
This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.
Notify Affected Institutions
Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.
Update Security on Digital Accounts
Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.
Check for Malware
Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.
Freeze Your Credit
In cases of identity theft, contact all credit bureaus to freeze your credit.
Monitor Your Mail and Credit Reports
Keep an eye out for any unauthorized changes in your mail.
Engage Legal Assistance When Applicable
If you are a business, consider hiring a law firm experienced in handling data breaches.
Responsibilities of Companies that Have Been Breached
Businesses in Nebraska are required to report instances of data breaches to the directly affected according to state law. They have to do so as soon as possible without any unreasonable delay. The Nebraska Financial Data Protection and Consumer Notification of Data Security Breach Act states that personal information in the person's name is in combination with their driver's license, financial account number, credit card details, email address, electronic identification number, Social Security, and biometrics. Written, telephone, or electronic notices are permitted to notify a consumer of a data breach. When residents are informed of a breach, a notice should also be issued to the state attorney general's office.
A substitute notice may also be permitted if the costs exceed $75,000. It can also be given if more than 100,000 residents need to be notified following the breach. Methods or a substitute notification may include conspicuously posting the event on the entity's website. The business can also inform statewide media of the incident through email. Businesses that have notice processes as part of an information security policy for personal information treatment and are in step with state requirements for timing to comply with notice regulations. Notices can be delayed, though, if a law enforcement agency finds that the notice will contradict a criminal investigation. As soon as the law enforcement agency states that notifications will no longer impede their processes, notices can be sent. Businesses that violate the terms of notification for timing or modes of alert can be subject to damages as ordered by the Attorney General of Nebraska.
Laws
- The Nebraska Revised Statute 87-802 deals with personal information such as names in combination with driver's licenses, financial account data, credit cards, biometric information, and unique electronic identification numbers.
- The Nebraska Revised Statute 87-803 considers a breach of security notices to residents and the Attorney General. It considers the notification regulations for individuals, groups, and the Attorney General. It also stipulates for delay if a law enforcement agency finds that a notice will impede an ongoing criminal investigation.