How Should a Fire Department Respond to a Data Breach?

In Boise, Idaho, some police and fire employees, retired workers and their dependents may have had personal information stolen as part of a security breach of a company that administers their health benefits. Names, dates of birth, addresses, Social Security numbers, and benefits enrollment information may have been compromised through phishing, which involves sending fraudulent emails purportedly from a legitimate company. The emails attempt to trick people into revealing personal information that can be used for identity theft.

Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next. Although the answers vary from case to case, the following guidance can help you make smart decisions and minimize the negative impact. In addition to securing Cyber Liability Insurance for your operation, familiarize yourself with these best practices now, before the breach happens.

Secure Operations

Assemble a team of experts to conduct a comprehensive breach response. This may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations, and management.

Consider hiring independent forensic investigators to help you determine the source and scope of the breach. They will capture forensic images of affected systems, collect and analyze evidence, and outline remediation steps. Additionally, utilize legal counsel for privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach.

Secure physical areas potentially related to the breach. Lock them and change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.

Take all affected equipment offline immediately, but don’t turn any machines off until the forensic experts arrive. Closely monitor all entry and exit points, especially those involved in the breach. Update credentials and passwords of authorized users. 

If service providers were involved, examine what personal information they can access and decide if you need to change their access privileges. Also, ensure your service providers are taking the necessary steps to make sure another breach does not occur. Work with your forensics experts to analyze whether your segmentation plan was effective in containing the breach. Analyze who currently has access, determine whether that access is necessary. 

Notify Appropriate Parties 

Law Enforcement 

Call your local police department immediately. Report your situation and the potential risk for identity theft. 

Affected Businesses

If account access information has been stolen, but you don’t maintain the accounts, notify the institution that does so it can monitor the accounts for fraudulent activity.

If you collect personal information on behalf of other businesses, notify them of the data breach. If names and Social Security numbers have been stolen, contact the major credit bureaus. 


Quickly notify people that their personal information has been compromised. Describe what you know about the compromise. Include:

  • How it happened
  • What information was taken
  • How thieves used the information 
  • What actions you have taken to remedy the situation
  • What actions you are taking to protect individuals
  • How to reach the relevant contacts in your organization

Consult with your law enforcement contact so your notice doesn’t hamper the investigation.

About Provident FirePlus

At Provident FirePlus, we offer custom-tailored packages to best protect firefighters and volunteer firefighters. We understand the risks that emergency response teams are subjected to on a daily basis, and have worked to serve these dedicated professionals for over 87 years. For more information about our products and policies, we invite you to contact our experts today at (855) 201-8880.