There’s no question that identity theft has had a huge impact on consumers. According to a Javelin Strategy & Research Study, in 2014, approximately 12.7 million Americans were victims of identity fraud, losing a total of $16 billion to thieves. The study found that two-thirds of identity fraud victims in 2014 had received a data breach notification in the same year, suggesting that many of these cases may have resulted from a data breach.
Despite the increase in data breach incidents, suggestions about how to better protect against identity theft, and notification once they learned they were at risk, some consumers did not take adequate precautions, such as canceling debit and credit cards and changing their passwords after they received a breach notification.
Is it possible that prior to being victims of identity theft, these same consumers were victims of data breach fatigue?
The phrase “data breach fatigue” has been coined by media outlets from NPR to The Washington Post and refers to the “numb” reaction consumers seem to have as the number of data breach incidents continues to climb.
According to a study by Unisys, a global information technology company, consumers had relatively little concern about data breaches in 2014. The firm’s annual U.S. Security Index tallied an overall score of 123 out of a possible 300, the second lowest score since Unisys began conducting the survey in 2007. That’s despite 783 data breaches in 2014—a record high, according to the Identity Theft Resource Center (ITRC).
Security experts cite the lack of consequences for consumers as a major cause of data breach fatigue. In many cases, the company that suffered the breach bears the brunt of the financial burden, alongside credit card companies and financial institutions. Some consumers become victims of identity theft after a data breach, but those who do not find that their biggest inconvenience is requesting a new credit or debit card (and in some cases, that is mailed to them automatically, with no need to request it).
The consequences of data breach fatigue
Despite—or maybe because of—the seemingly constant media attention about data breaches, Americans haven’t changed their financial behaviors to keep their accounts more secure. An RSA survey found that 45 percent of consumers say that recent breaches have not affected their use of credit or debit cards, and about one out of every three Americans uses the same one or two passwords for all their online accounts.
To add to this, identity theft prevention doesn’t seem to be top of mind for most consumers. A Ponemon Institute study from May 2014 found that when consumers received data breach notifications, 32 percent “ignored the notifications and did nothing.”
But ignoring a notification can put you at risk of identity theft. Identity thieves can use your fraudulently obtained information to do everything from establish new credit cards in your name, apply for a mortgage, damage your credit history, and even use your information to obtain medical care. The ITRC found that after identity theft, 35 percent of victims reported that their ability to obtain credit was affected, and 20 percent saw their ability to secure employment affected.
What you should do after a data breach
If you’ve received notification that your information may have been exposed in a data breach, don’t be an idle bystander. You still have a chance to protect your identity. Here are a few things to consider if you’ve experienced a data breach:
1. Verify that the data breach notification is real. After a data breach, scammers have been known to send phishing emails to consumers, claiming to be from the breached organization and offering credit monitoring services. These emails often contain a link to a website that requires you to enter your personal information. Before you respond to any emails or divulge any personal information, contact the company directly to verify that the email is authentic.
2. Freeze your credit report to help make it more difficult for identity thieves to apply for new credit accounts in your name.
3. Request a new debit and/or credit card, and cancel your existing credit or debit card so that thieves cannot use it to make purchases.
4. If a free credit monitoring service is offered, sign up for it. Breached companies typically offer free credit monitoring services. If you want to monitor your credit on a regular basis, you may want to consider purchasing a credit monitoring product. These products will also alert you to key changes in your credit file, including new accounts opened in your name.
5. Change your passwords. Be sure to change your passwords and make them unusual, long phrases with several different types of characters. Don’t use the same password for every online account.
6. Watch out for phishing emails that appear to come from a breached company. These emails might ask you to click on links, download attachments, or hand over personal information. Rather than clicking on a link in an email, go directly to the company’s website in a separate browser.
Data breaches are forecast to continue in 2015. In order to help better protect yourself, be vigilant about checking your credit report and bank accounts for unauthorized activity, and follow up with your creditors and other financial institutions about anything suspicious. If you are concerned that your identity may have been compromised in a breach, you may also want to place an initial fraud alert on your credit report.
Diane Moogalian is vice president of operations for Equifax Personal Solutions. Prior to joining Equifax in 2007, Diane held several strategic roles with leading financial services companies. Diane graduated from the University of Richmond with a Bachelor of Science in Business Administration (Marketing and Economics) and earned a Certificate in International Business from Virginia Commonwealth University.
The information contained in this blog post is designed to generally educate and inform visitors to the Equifax Finance Blog. The blog posts do not give, and should not be assumed to provide, personalized tax, investment, real estate, legal, retirement, credit, personal financial, or other professional advice. Before making any financial decision, you should always consult with the appropriate professionals who can explain your options, rights, and legal responsibilities, and advise you on any tax, legal, credit, or business implications that may result from those decisions. The views and opinions expressed by the authors of blog posts are their own views and may not be the views or opinions of Equifax, Inc. and/or its affiliates.