What Do You Do After a Data Breach? The Numbers Are Telling

What Do You Do After a Data Breach? The Numbers Are Telling

There’s no question that data breaches are on the rise. Since the Identity Theft Resource Center first began tracking data breaches in 2005, more than 5,500 breaches have exposed more than 800 million consumer records to identity thieves and hackers. Fortunately, consumers aren’t taking action.

In a recent survey, the ITRC tracked consumer behavior to determine what people do when they learn about a data breach. The results spotlight how data breaches have changed the way we think about data security. The survey was conducted by ITRC and sponsored by CyberScout.

More people are taking advantage of credit monitoring services offered by breached companies, the survey showed. About 72 percent of respondents accepted the offer in 2015 compared with only 63 percent in 2014. A renewed focus on credit monitoring also led to a significant drop in the number of people who said they “never” check their credit or only check it “quarterly”—13 percent to 8 percent, and 9 percent to 5 percent, respectively—and an increase in consumers who say they now check it monthly, weekly, and even daily.

Consumers are less willing to share information online, too. When questioned about what information they would provide to an online shopping site, most of the year-on-year numbers dropped dramatically:

  • Driver’s license number—16 percent to 14 percent
  • PIN number—20 percent to 14 percent
  • Birthplace—31 percent to 13 percent
  • Birth date—74 percent to 27 percent
  • Mother’s maiden name—47 percent to 20 percent
  • Social Security number—14 percent to 11 percent

This indicates that consumers are becoming savvier about the types of information that hackers need in order to steal identities. It also shows that consumers are more wary of providing information to a website they cannot verify is secure. One number, though, is alarming; while it’s good that only 14 percent of consumers once considered it safe to input an Social Security number (SSN) on a retail website, the current 11 percent statistic is still far too high.

There were some interesting findings about SSNs based on the data from 2014 data breach notifications. Until recent years, hackers went after credit card information in a data breach, but that seems to be shifting. Identity thieves and cyber criminals have figured out that credit card numbers are easily changed and rendered useless once a breach occurs, and that the real money is in the individuals’ full identities. SSNs have become the hot item to grab, along with birth dates, mothers’ maiden names, and passwords. While credit card data theft dropped from 61 percent to 44 percent in the space of one year, SSN theft increased from 36 percent to 52 percent in that same time. In fact, every other type of documented information experienced an increase in theft, such as emails, user names, and passwords, while only credit card information decreased.

While there is still much work to be done in helping the public avoid scams and theft by preventing rampant oversharing, this is promising news. These numbers indicate that advocates and members of law enforcement are successfully getting the message to the public in order to help them protect their identities, even though more prevention is still needed.

Eva Velasquez is CEO of the Identity Theft Resource Center.