The results of a new Identity Theft Resource Center (ITRC) study on consumer perceptions and behaviors in response to identity theft and data breaches demonstrate widespread uncertainty among consumers, who don’t know how to resolve identity theft or effectively protect themselves.
After receiving the breach notification, what was your initial feeling?
Data breach victims
The study surveyed consumers who had experienced a data breach that exposed their personal information, and explored the ways that respondents reacted to the breach and the steps they took to mitigate the risk of financial harm.
- 80 percent of respondents understood that the data breach meant they were at higher risk for identity theft that could lead to financial harm, reflecting a broad awareness of the risks related to losing your personal information.
- However, 49.3 percent were confused about what to do after receiving a breach notification and 31.5 percent did not know where or whom to turn to for support.
- Most consumers were frustrated, angry and anxious (77 percent). Frustration/annoyance (32.2 percent) and anger (25.5 percent) were the top specific emotions felt upon receiving a breach notification.
- Nearly half (41 percent) said they wouldn’t do business with the breached company again, a result that points to trouble for businesses who unwittingly expose customer data.
- More than a third of respondents (38 percent) would turn to their bank for help, although banks are only obligated to address credit card or bank account fraud, not fraud related to Social Security numbers and other identifiers.
- Less than half of respondents took basic, recommended steps to protect themselves after the theft of their personal information in a data breach.
Most of the participants responded that they felt the immediate path toward help was unclear. When asked where they would look for support in the event of financial loss due to identity theft, many respondents (38 percent) said they would turn to their bank, followed by 31.5 percent of respondents who said they wouldn’t know where or who to turn to for support. Only 3.8 percent would contact their insurance company, despite most policies including identity theft coverage or monitoring.
Why didn’t you take advantage of the services which were offered?
If consumers who were exposed by the Equifax breach follow this pattern of confusion, fatigue and inaction, millions of people will be at significantly higher risk of identity theft and related financial damage compared to those who take appropriate action.
“These survey results reiterate something we already had a feeling was happening, which is that many people don’t know what to do in the event that their personal data is stolen,” said Eva Velasquez, CEO and President of the Identity Theft Resource Center. “As we are seeing with the Equifax breach, no one is immune to data breaches or the threat of identity theft, and there clearly needs to be better public education about how consumers can resolve ID theft and protect themselves.”
“Consumers understand that data breaches put them at real risk, but they don’t know who to trust or where to turn,” said Matt Cullina, CEO at CyberScout. “We need to start treating identity theft protection like we treat the risk of heart disease – with lifetime preventive measures, regular checkups and expert support. After the Equifax breach, it is no longer a question of if you will be affected – consumers need to operate under the assumption their critical data, such as Social Security numbers, has been compromised, and take steps to protect themselves proactively.”