As per a survey conducted by the Identity Theft Resource Center and research company DIG. Works, few customers take aggressive action to safeguard their privacy and identities after getting a data breach alert.
The analysis, based on a study of 1,050 adult customers in the United States, discovered that 16% of those polled did nothing after learning of a data breach impacting their accounts. Customer data can be used to commit identity fraud or to render employers exposed to breaches such as ransomware and business email compromise schemes.
Furthermore, under half of the respondents (48%) altered passwords for the accounts impacted by a breach, 22% altered all of their passwords after being notified of a breach.
Of the 16 percent who didn’t act after receiving a data breach notice, 26 percent responded by saying their data is already in the public domain and couldn’t do more about it,” stated “Eva Velasquez, president, and CEO of the ITRC, a San Diego based not for profit organization known to provide assistance and consumer education to identity theft victims. However, based on the data compromised, there are steps companies can take to mitigate risk”
Disinterest and Ignorance
According to Velasquez, 17 percent of customers who didn’t act when they got a breach warning were unsure how to go about it, and 14 percent assumed the contact was a fraud. “Analyzing those reasons, makes us aware that how we inform customers to convey that information, is useless, and we must rethink how we’re alerting individuals of their data exposure in a breach,” she explained.
Additionally, 29% of individuals who did not act when notified of a breach stated that it was the company’s responsibility to resolve the breach issue. “That is not exact,” Velasquez pinpointed, “so adequate data regarding where that obligation starts and ends is mandatory.”
“Learning that your personal information has been compromised is unsettling, but not frightening enough to do anything major that effect,” remarked Saryu Nayyar, Chief Executive Officer of Gurucul, an El Segundo, California-based threat intelligence firm.
Part of the problem she said, “is that clientele assume nothing extreme will occur to their accounts, therefore, disregarding any data breach warnings may be as a result of ignorance or indifference”. Some people may not completely comprehend what a data breach notice means and what the repercussions are.
Cynicism getting widespread.
According to James McQuiggan, who is a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Florida, the percentage of customers disregarding data breach warnings should not be unexpected given the lack of training provided to them on the issue. If there is a breach, most consumers will assume they have little control and may not know who to call.
Many individuals do not seek out those abilities because they lack sufficient training or knowledge, which is difficult to acquire unless they work for an institution that provides it. Approximately 85 percent of people will claim they’re concerned about internet privacy, and there’s always 15 to 20 percent who simply don’t care.
According to the studies, there is also a persistent reduction in privacy as customers go from consciousness to action. So, while 85 percent are bothered about privacy, only 79 percent are prepared to take action to preserve their privacy and only approximately 50 percent act on their privacy concerns. Whenever it comes to customers who are proactive in safeguarding their privacy, the needle drops even lower: approximately 30%.
Credit Freeze Avoidance
The survey according to ITRC/DIG brought to light that upon notification of a breach, three percent of the respondents put a free on their credit in place to prevent the creation of new accounts that are mandated to have credit checks for example new loans, major purchases, and credit cards.
Velasquez agreed that freezing accounts does not have to happen in the event of each breach. “Freezing credit if user names and passwords are a part of the compromised data should not be the first, rather changing the passwords and usernames should be,” she said. However, if social security numbers and data needed to open a new financial account in your name is a part of the breached data, then a credit freeze should be the priority.
A credit free can be a headache as you will have to go through the headache of unfreezing accounts which involves a lengthy process and documentation therefore it is not worth the time unless it is the only way to safeguard your accounts.
Concerning passwords, ITRC/DIG researchers uncovered that 15 percent of those who provided feedback said they used unique passwords for their accounts. 85 percent came clean about using the same passwords or altering them slightly on several accounts.8 percent said they closely guard their passwords to mitigate fraud and identity theft.
McQuiggan observed the convenience of using the same password over and over again. Creating strong passwords, and reviewing links was the advice given to users. Many users felt like they had nothing cybercriminals would want and didn’t understand the essence of them being hacked.
It is not easy to remember complex passwords coupled with the headache of resetting if it is forgotten. Generally, the password has been existent for a long time and numerous people seek an alternative to replace it.