ITRC and DIG.Works Data Breach Notice Research
Shows Consumers Don’t Act After a Data Theft
“A shockingly high number of respondents (16 percent) took no action after receiving a notice of data breach; less than half (48 percent) changed the password only on the breached account; only 22 percent changed all of their passwords.” ITRC and DIG.Works Data Breach Notice Research
About the ITRC and DIG.Works Data Breach Notice Research
The Identity Theft Resource Center (ITRC) and DIG.Works surveyed 1,050 U.S. adult consumers on topics related to data compromises, data breach notices, and the actions taken, if any, in response to both events. The findings fall into three primary categories:
- Most consumers have been the victim of a data breach; more than half of social media users have had their accounts compromised.
- Few consumers take strong actions to protect themselves after receiving a breach notice, including the most effective protection, a credit freeze.
- Most consumers do not follow secure password practices, with more than half saying it’s too difficult to keep up with all their credentials.
The DIG.Works research, performed pro-bono for the ITRC, explored several issues related to data and account compromises, as well as data breach notices.
Overall, consumers report a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between the level of awareness and the actions taken by consumers that leave most people vulnerable to additional attacks and a continuing risk of identity crimes.
In other words, most people know what they should do, but choose not to do so in two key areas: Data Protection and Password Practices.
The ITRC thanks Jonathon Sasse and Anders Steele for their donation of this research project on behalf of the ITRC and identity crime victims. Please visit DIG.Works to learn more.
Learn more about our surveys and studies. For questions about the report, contact communications(at)idtheftcenter.org