If you've been paying attention to the news, data breaches might seem like a dime a dozen these days.
In 2018, roughly 5 billion people had their information and sensitive data exposed in criminal hacks, including over 765 million people between April and June that same year. If you had an account with businesses ranging from Marriott and T-Mobile to British Airways or Facebook, there's a chance you could be among the millions of people whose email addresses, passwords, passport number, credit card numbers, and billing address were exposed unlawfully.
Worst of all, industry experts warn things will likely get worse before they get better. After the record losses from breaches over the last decade, it's hard to imagine what else could go wrong – but your records may still be in danger.
For more insight, we surveyed over 1,000 people (including nearly 300 who were victims of a breach) about their reaction to data breaches and how these breaches altered their perceptions of businesses. Read on as we analyze how respondents' digital routines have changed to protect their information and how their trust in corporations has shifted.
Front of Mind
According to the 1,107 people surveyed, 27% acknowledged their information was leaked in at least one of the major data breaches in 2018.
While Marriott may have been victim to one of the biggest corporate hacks in the last decade, the loss of 500 million customers' names, mailing addresses, phone numbers, and passport details may have been overshadowed by another corporate data breach. 2018 turned out to be a very bad year for Facebook. About 70% of people correctly identified the social network platform as a victim of a major data breach in 2018, the same year the Cambridge Analytica scandal broke, followed by further reports of third-party companies being granted sensitive information about Facebook's users without their permission. In September of 2018, Facebook revealed a data breach had also exposed the personal information of 50 million users, including 30 million users whose accounts could be taken over by the use of illegally acquired "access tokens."
Following Facebook, data breaches at Marriott (24%), Under Armour (20%), Panera Bread (17%), and T-Mobile (nearly 16%) were among the most memorable. In 2018, the account number, email, and billing address of roughly 2.3 million T-Mobile customers were exposed in a data breach. However, many people improperly identified data breaches that never occurred. Nearly 30% of respondents claimed they knew of five data breaches in 2018 that never truly took place.
Making a Change
Before we can talk about how to safeguard against data breaches and the loss of sensitive information, it's important to recognize how much access we give away regularly.
While being in control of who has access to our information is "very important" to a majority of Americans, we may be giving it away with a simple click nearly every day. Unfortunately, most people don't have the time to read the terms and conditions associated with every account they make, and there's no avoiding having to share at least some personal information when booking a flight or signing up with a new mobile carrier. Industry experts recommend using unique passwords on all accounts so that one data breach doesn't affect you elsewhere and encrypting certain aspects of your digital activity where applicable.
As we found, 59% of people made efforts to strengthen their passwords after learning of a major data breach in 2018, and another 45% were more wary of giving out their financial information online. While just 35% of people stopped logging into their personal accounts on public Wi-Fi networks, accessing the internet from an unverified source can be a risky business. In fact, accessing your accounts from a public Wi-Fi signal could expose you to data theft. Millennials were the least likely to make their passwords more difficult to guess but were more likely to be suspicious of public Wi-Fi and to use credit monitoring services.
How Data Is Exposed
Of the more than 900 people surveyed about data loss, 299 were data breach victims.
While you might be more worried about your financial data than anything else, other personal details can be equally as sensitive. Once a hacker has acquired a massive library of login details and passwords, they may use that information to gain access to a website where they can pose as you or have access to your financial records. One study found 90% of attempts to log in to retail websites aren't by account holders, followed by 60% of attempted logins on airline sites.
Nearly 50% of people who experienced a data breach had their email addresses leaked, followed by their full name (48%), phone numbers (30%), residential address (over 20%), and account login information (17%). Nearly 1 in 5 people had their financial information leaked in a data breach, including their credit card information (almost 14%), debit card information (around 12%), and bank account or routing number (6%). While 42% of victims learned their information had been leaked directly from the breached company, even more (43%) learned of the breach from media reports.
Building Up Barriers
After the Cambridge Analytica scandal in early 2018, trust in Facebook dropped 66% from 79% in 2017 to just 27% in the first week after the news broke of the scandal. With many people using the social media platform less by the end of 2018, and over 40% of users aged 18-29 removing Facebook from their phones, it's easy to see why users may have lost confidence in the tech giant following some of its public trials and tribulations in 2018.
But Facebook isn't the only business to lose consumer trust following a major data breach. On average, respondents' trust in a company declined by more than 67% after a data breach, led by Facebook (85%), Marriott (78%), and SunTrust Banks (77%). Additionally, 92% of people believed companies should be held legally responsible for financial losses to their customers after a breach, and more than 1 in 5 were unwilling to give their information to a company that had been exposed to hacking.
What's Happening in Security?
Yahoo still holds the record for the worst data breach of all time with more than 3 billion user accounts compromised in 2013 and 2014, including their customers' real names, email addresses, passwords, and phone numbers. Still, corporations still have not managed to develop a reliable defense against data breaches--billions of people were exposed to data loss in 2018.
As we found, most people were only loosely familiar with the total number of corporate breaches that occurred in 2018,Though the majority of people admitted to losing trust in corporations that experienced data breaches, most were unwilling to cut ties with these companies Instead, most people made their account passwords harder to guess and were more selective with whom they gave their financial information after learning of a breach, even though 1 in 3 people who experienced a data breach ultimately weren't sure which information was targeted.
We collected responses from 1,107 American survey respondents on their awareness of major data breaches in 2018. Survey respondents who reported they were unaware of all listed 2018 data breaches were barred from further participating in the survey. Of the remaining 961 respondents, 50.4% identified as female, 49.4% identified as male, and less than 1% identified as a gender unlisted on our study. Participants' ages ranged from 18 to 75, with a mean of 37 and a standard deviation of 11.9 years.
This study included data breaches that occurred from Jan. 1, 2018, to Dec. 31, 2018, regardless of the public reporting date. Only breaches leaking over 500,000 consumer records that affected consumers on a national scale were included.
Fair Use Statement
With billions of people exposed in data breaches in 2018, your readers have a high chance of being personally affected. Help share more details about corporate data breaches by utilizing the results of our study for any noncommercial use with the inclusion of a link back to this page in your article.