General Discussion

It's not good, but intranet is better than public. That should require a log-in to access.

That sounds more like a white hat notified the SCAO that they had a point of failure.

Your best, most paranoid bet? Do you need any credit accounts in the near future? If so, get them now, and lock down your credit with all three agencies. One of the monitoring services should be fine - life lock, carbonite or credit karma. Call your bank (or go in to a local branch) and any accounts you have, tell them this is a potential security hole, and set up a verbal password. (Since it's possible to gain access with SSN and DOB and some lucky/researched guesses.) Most financial service providers will do this, no problem. Just use a good pass phrase -- 4-6 words that make an image you can remember, like Prefer Cassandra Austen Over Auden or Zebra Implies Stripey Stockings. (Don't use those.) Download a password minder (we use the Safari keychain, Keeper and Keypass; I can recommend all) and change all of your passwords to pass phrases, then never reuse any password ever, and don't memorize any passphrase you use. Keep them in the minder. Ensure that you've got them backed up, and include a copy of your password minder's password in your estate paperwork (or don't, of there's something you don't want someone else to see).

We've kept our credit and financials locked down for years - Spouse was one of the DOD leaks about 8 years ago, and my SS card was stolen when I was a teenager (and I have absolutely vile, thieving parents, but that's a story for another day). It's never been a real problem. It probably saves us money in the long run -- it's too much of a hassle to apply for anything, so we really have to justify a credit purchase. It's not that bad, all things considered. It feels like a violation now, and you're perfectly justified to feel that way. We could probably unlock now, but it's a piece of fire and forget security that, once accomplished, is done, so I don't see the point in undoing it. It took me about 10 hours, total, and we've unlocked temporarily twice since (both times, to buy cars).

It's going to be okay.