Today, we’re more connected than ever thanks to the prevalence of smartphones in our lives, and their integration with Cloud services. This comes at a cost, however. With so much of our personal information online, data breaches are becoming more common.
So what exactly is a data breach? In essence, it is an incident where an unauthorized person gains access to sensitive or confidential information. This may include personal health information, personally identifiable information or trade secrets. Many people have experienced this in the form of stolen credit card numbers or even hacked social media accounts. It has become very common in the United States. In fact, in 2015 alone there was a total of 781, an 8.1 increase from 2014. The most common causes of data breaches are:
- Hacking
- Employee error/negligence
- Email/Internet exposure
Targets and Consequences
One of the most notable examples of a large-scale data breach is the 2013 Target hack where cybercriminals were able to steal the identity of millions of customers. While not necessarily unique – other retail stores have experienced data breaches as well – what happened after did surprise many as a class action lawsuit made it to courts and required Target to pay consumers who had experienced credit card theft. This set a new precedence for lawsuits against retailers who experience a data breach.
The IRS is a constant target for criminals and in 2016 hackers were able to get a hold of their transcripts, compromising the information for 100,000 taxpayers. One can operate under the assumption that due to the high-value data they contain, government databases are going to be future targets.
Retail stores and government agencies aren’t the only targets, as evidenced by the data breach of the University of Florida. Hackers gained access to thousands of names, social security numbers and ID numbers of the students and professors. Wherever data is being held, hackers will try to find a way in.
For retail stores, a data breach could spell doom. It turns out 65 percent of consumers are unlikely to do business with a store after leading to a loss of profits. As data breaches increase, banks and other companies have put more safeguards in place to protect people’s identity such as chip-enhanced cards and adoption of Apple Pay and Google Wallet.
Of course, even with the additional security layers, there’s still potential for identity theft as hackers become more sophisticated. For contactless payment in general, security experts note that while RFID and NFC offer good cryptographic protection, most deployment uses proprietary technology opening up phones and payments to new insecurities.
Have Consumers Become Complacent?
Despite the uptick of data breaches, many consumers seem to take data breaches in stride. Does it mean they have gotten used to the idea? The fact that consumers are less likely to do business with stores that have been compromised show that isn’t necessarily the case. So why do they appear unconcerned? There are a couple reasons:
- Many consumers do not believe it will happen to them.
- Some argue that consumers are suffering from data breach fatigue, a condition where they ignore or minimize the consequences of having their information compromised. As many as 32 percent of consumers ignore data breach notices. Of those that do read the notice, more than 50 percent take no action to protect themselves. However, opinions differ, as evidenced in this survey by Experian, which suggests that consumers do not react as much to data breach notices, because they have already taken cautionary steps.
Across the board, consumers demand more privacy and protection but are unwilling to use privacy enhancing systems such as Virtual Private Networks or in some cases even basic security software. Of course, even if they take measures to protect their information, if the business’s own security is compromised, no measures the consumer takes on their end will keep their information safe.
For this reason, many consumers have simply accepted that a data breach will happen at some point. Unfortunately, this acceptance makes it easier for hackers. If consumers stop reporting, companies will not know of any security issues and some may even stop caring about cybersecurity. This will eventually embolden more hackers to attempt data breaches as they are less likely to suffer repercussions for their actions. This is a downward spiral that can get dangerous quickly.
For many consumers, data breaches have become the new normal and, for the most part, many do not suffer any major consequences. In fact, it is the company who experienced the breach that bears the brunt of the financial burden. Still, there are very serious drawbacks for consumers such as a potentially damaged credit history or maxed out medical coverage. Therefore, it’s important for both businesses and consumers to take the necessary precautions to reduce the opportunities for identity theft.
What steps do you take to protect your identity? Is this an issue you are concerned about? Tell us in the comments below.
Like this article? Subscribe to our weekly newsletter to never miss out!
Image: Kaleb Nyquist