There’s no question that data breaches are on the rise. Since the Identity Theft Resource Center first began tracking data breaches in 2005, more than 5,500 breaches have exposed more than 800 million consumer records to identity thieves and hackers. Fortunately, consumers aren’t taking action.
In a recent survey, the ITRC tracked consumer behavior to determine what people do when they learn about a data breach. The results of Identity Theft: The Aftermath 2014 spotlight how data breaches have changed the way we think about data security. The survey was conducted by ITRC and sponsored by IDT911.
More people are taking advantage of credit monitoring services offered by breached companies, the survey showed. About 72% of respondents in the 2015 survey accepted the offer compared with only 63% the year before. A renewed focus on credit monitoring also led to a significant drop in the number of people who said they “never” check their credit or only check it “quarterly”—13% to 8%, and 9% to 5%, respectively — and an increase in consumers who say they now check it monthly, weekly and even daily.
Consumers are less willing to share information online, too. When questioned about what information they would provide to an online shopping site, most of the year-on-year numbers dropped dramatically:
- Driver’s license number — 16% to 14%
- PIN number — 20% to 14%
- Birthplace — 31% to 13%
- Birth date — 74% to 27%
- Mother’s maiden name — 47% to 20%
- Social Security number — 14% to 11%
This indicates that consumers are becoming savvier about the types of information that hackers need in order to steal identities. It also shows that consumers are more wary of providing information to a website they cannot verify is secure. One number, though, is alarming; while it’s good that only 14% of consumers once considered it safe to input an Social Security number (SSN) on a retailer’s website, the current 11% statistic is still far too high.
There were some interesting findings about SSNs based on the data from 2014 data breach notifications. Until recent years, hackers went after credit card information in a data breach, but that seems to be shifting. Identity thieves and cyber criminals have figured out that credit card numbers are easily changed and rendered useless once a breach occurs, and that the real money is in the individuals’ full identities. SSNs have become the hot item to grab, along with birth dates, mothers’ maiden names and passwords. While credit card data theft dropped from 61% to 44% in the space of one year, SSN theft increased from 36% to 52% in that same time. In fact, every other type of documented information experienced an increase in theft, such as emails, user names and passwords, while only credit card information decreased.
While there is still much work to be done in helping the public avoid scams and theft by preventing rampant oversharing, this is promising news. These numbers indicate that advocates and members of law enforcement are successfully getting the message to the public in order to help them protect their identities, even though more prevention is still needed.
More on Identity Theft:
- Identity Theft: What You Need to Know
- 3 Dumb Things You Can Do With Email
- What Should I Do If I’m a Victim of Identity Theft?