What’s stopping consumers from acting on a data breach notice?
Only three percent of consumers implemented a credit freeze after receiving a data breach notice, 11 percent enrolled in credit/data monitoring, and only 22 percent changed all of their account passwords, a recent survey by DIG.Works on behalf of the Identity Theft Resource Center (ITRC) has shown.
48 percent of the respondents only changed the password on the breached account, and 16 percent took no action at all.
Those that didn’t act after receiving a breach notice offered a variety of reasons – from “My data is already out there” to being unsure of what to do.
The ITRC believes that organizations should review how they notify consumers of data breaches with the goal of reducing the level of inaction and improving the rates of credit freeze adoption.
Additional findings
The results of the survey, which includes answers from 1,050 U.S. adult consumers, have shown that 73 percent of the pollees have been affected by a data breach, and 72 percent received a notification letter about it.
Also, that only 8 percent of respondents closely guard their passwords to prevent identity theft and fraud (they are more concerned about protecing their Social Security Numbers and payment card data), and only 15 percent of respondents use unique, complex passwords for each of their online accounts.
The remaining 85 percent of users either use the same password for many accounts, use variations of the same password, or unique but easy to remember passwords.
The reasons for not using a different password for each account are several (and likely overlapping):
“Consumers should follow password best practices, including long, unique passwords on every account,” the ITRC says, but also advises businesses to strongly recommend consumers reset any password that is not unique, as well as offer the option of enabling multi-factor authentication (MFA) using a mobile app.
“Overall, consumers report a high level of awareness of data compromises and the range of actions they can take to protect themselves before and after a data breach. However, there is a significant gap between the level of awareness and the actions taken by consumers that leave most people vulnerable to additional attacks and a continuing risk of identity crimes,” the ITRC concluded.