The implications of this research report are somewhat disheartening — but also important. If even with media coverage, notification laws, and HaveIBeenPwned, people STILL don’t know that their info has been caught up in multiple breaches, we need to do more educating.
It’s been nine years since the LinkedIn data breach, eight years since Adobe customers were victims of cyber attackers and four years since Equifax made headlines for the exposure of private information of millions of people.
The number of data breaches and victims has multiplied rapidly over the past decade or so, but aside from these well-publicized cases, most participants in a recent University of Michigan study remained unaware that their email addresses and other personal information had been compromised in five data breaches on average.
In the first known study to ask participants about actual data breaches that impacted them, researchers from the U-M School of Information showed 413 people facts from up to three breaches that involved their own personal information. The international team from U-M, George Washington University and Karlsruhe Institute of Technology found people were not aware of 74% of the breaches.
“This is concerning. If people don’t know that their information was exposed in a breach, they cannot protect themselves properly against a breach’s implications, e.g., an increased risk of identity theft,” said Yixin Zou, U-M doctoral candidate.
The researchers also found that most of those breached blamed their own personal behaviors for the events—using the same password across multiple accounts, keeping the same email for a long time and signing up for “sketchy” accounts—with only 14% attributing the problem to external factors.
Read more on University of Michigan News.