Best Practices for Notifying Consumers of a Third-Party Breach

It’s no longer a question of ‘if,’ but ‘when.’
Your consumers will reuse passwords, and those passwords will be exposed in a third-party data breach.
As soon as reused passwords become available to cybercriminals, your consumers are at high risk of account takeover fraud, which can result in substantial losses for you and for your consumers.
By monitoring your consumers’ credentials and resetting exposed passwords, you can help prevent account takeover and reduce online fraud. However, the language you use to notify them that their passwords must be reset requires careful consideration. Informing affected users that their credentials have been exposed on the criminal underground can encourage them to choose strong, unique passwords and protect any other accounts that share the same login information. On the other hand, some consumers may wonder how you located their information on the ‘dark web’ in the first place and where it was exposed.
Download our best practices guide to learn:
- Common attack scenarios cybercriminals capitalize on in the ecommerce customer journey
- Why a more thorough understanding of consumers’ risk is critical – and more possible than ever
- How to incorporate predictive risk scored based on analysis for recaptured underground data in your control framework to prevent more fraud while safeguarding the customer experience
Solution:
Account Takeover Prevention
Related Resources

SpyCloud Named 2020 Gartner Cool Vendor in Identity Access Management and Fraud Detection
See Gartner’s analysis of the IAM & Fraud Detection market and why SpyCloud received the Cool Vendor recognition.

Real or Synthetic? Introducing SpyCloud Identity Risk Engine
On-Demand Webinar: A detailed look at how Identity Risk Engine turns recaptured data into a clear fraud signal that complements your existing control framework.

The Fraudacity of Cybercriminals: How 15.5B Recaptured Data Assets Shine a Light on the Criminal Underground
On-Demand Webinar: Analysis of the 15+ billion assets we recaptured in 2021 and what we can learn from patterns we’ve observed in the criminal underground over the last 12 months.
The SpyCloud Difference
Truly Actionable Recaptured Data
SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.
Check Your Exposure
See your real-time account takeover exposure details powered by SpyCloud data.