Protecting your personal information from exploitation

By Marti Yoshida, Operations Security Program ManagerAugust 20, 2024

FORT LEONARD WOOD, Mo. — Data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft, targeting of individuals with knowledge of sensitive government information and internal business processes, and other intelligence activities that use personal information of U.S. citizens to undermine national security.

It is in our collective interest that we take actions to limit the risk of our personal information being exploited, and to recognize indicators that we may be the target of such activities.

Confirmation that your personal information has been accessed in a data breach is not a guarantee that your information will be misused or that you will be targeted for further exploitation. However, it is important to remain mindful of the risk of such misuse or exploitation.

The following information is provided to raise your awareness to this possibility and to help you understand how your personal information may be used by foreign intelligence services and others, such as extremists, criminals, hackers and the like.

General awareness and protection guidance

All individuals potentially affected by a breach should be wary of suspicious activities indicating their personal information has been or is being exploited. Protective measures to follow, include:

  • not providing additional or detailed information about yourself, your family or associates, or your position with any individual who has an unusual or heightened interest in you, or your family and associates;
  • not sharing personal, financial or sensitive information if you are contacted by unknown individuals or groups via e-mail, instant messaging or text, telephone, social media interaction and personal encounters;
  • not opening attachments or clicking on links embedded in emails, instant messages or texts from unknown senders, senders who would be unlikely to send an email directly to you, and even from known senders with grammatical errors, misspellings or if there is no text with the attachment or link;
  • installing and maintaining up-to-date software to guard against viruses, malicious code and pop-ups that can appear if your computer is infected;
  • transmitting electronic information safely, using encryption and by using secure, known websites (e.g., with addresses starting with “https,” rather than “http”);
  • sharing electronic files and photographs only with those you know, as they contain embedded metadata, such as identity, date and time, and location information;
  • selecting the highest level of privacy settings on your electronic devices and applications;
  • monitoring your credit history and activity through a reputable credit bureau and your account statements for any unauthorized or unusual entries. Free credit reports can be obtained at https://www.consumer.ftc.gov/articles/0155-free-credit-reports;
  • maintaining direct control of electronic devices during travel, especially when traveling out of the U.S.;
  • knowing the locations and contact information for U.S. embassies, consulates and other diplomatic establishments for any issues or emergencies when traveling out of the country. This information can be found at https://www.state.gov/misc/list/index.htm;
  • report — per your department, agency or company instructions — all suspicious activity, events or individuals you, relatives and associates encounter; and
  • sharing these general awareness and protection guidelines with relatives and associates, as appropriate. Avoid misconduct or behaviors that leave you vulnerable to blackmail, coercion or recruitment.
Reporting

To protect yourself and your family, we urge all individuals to exercise caution and remain vigilant to any events appearing out of the ordinary or suspicious.

If you believe you have observed activity related to a personal data compromise, or suspect your personal information has been exploited, report your concern as soon as possible to your security manager.

(Editor’s note: Content for this article was provided by the National Counterintelligence and Security Center.)