Sixteen (16) percent of respondents didn’t act after a data breach notice, leaving them and their employers vulnerable to identity crimes
SAN DIEGO, November 18, 2021 – Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, published research conducted by DIG.Works that explored several issues related to data and account compromises, as well as data breach notices.
The ITRC and DIG.Works surveyed 1,050 U.S. adult consumers about the issues and discovered that, overall, consumers reported a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between consumers’ level of awareness and actions that leave most people open to additional attacks and identity crimes.
- A shockingly high number of respondents (16 percent) took no action after receiving a notice of data breach; less than half (48 percent) changed the password only on the breached account; only 22 percent changed all of their passwords.
- Just three (3) percent of respondents said they placed a credit freeze to block new accounts from being created.
- Only 15 percent of respondents say they use unique passwords for each of their accounts; the other 85 percent admit to reusing passwords on multiple accounts.
- Thirty-three (33) percent of the respondents who do not follow suggested password practices answered that their practices are good enough; 13 percent say they don’t think strong and unique passphrases are important.
“Most people know what they should do, but choose not to in the areas of data protection and password practices,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Organizations need to review how they notify consumers of data breaches to reduce the level of inaction and improve the credit freeze adoption rates. Also, businesses should recommend to consumers that they reset any passwords that are not unique and offer multi-factor authentication with an app.”
Other findings include:
- Seventy-three (73) percent of respondents believe their personal information has been impacted by a data breach; 72 percent have received a notice of data breach letter.
- Fifty-five (55) percent of social media accounts have been compromised, including 42 percent of Facebook users and 32 percent of Instagram users.
- When asked why they didn’t act after receiving a breach notice, 26 percent said “my data is already out there;” 29 percent believed organizations responsible for protecting their data would address the issue; 17 percent did not know what to do; 14 percent thought the notice was a scam.
Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting www.idtheftcenter.org to live-chat.
About this Survey
The ITRC thanks Jonathon Sasse and Anders Steele for their donation of this research project on behalf of the ITRC and identity crime victims. Please visit DIG.Works to learn more.
About the Identity Theft Resource Center
Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.
Identity Theft Resource Center
Head of Earned & Owned Media Relations
888.400.5530 Ext. 3611