The fallout from data breaches
Business Team Investment Entrepreneur Trading Concept
Data breaches have become routine, but the public reaction to these events is changing. Consumers are increasingly wary of sharing their information — just ask Mark Zuckerberg — and this trend raises the stakes for all financial institutions and merchants.

Europe is taking action, with the General Data Protection Regulation going into effect this month, requiring companies that do business in European Union countries to add safeguards to protect consumer data or risk fines. Though the U.S. has no similar mandate, the GDPR is refocusing attention on data breaches in the U.S. Currently 80% of U.S. adults are concerned about organizations’ ability to protect their personal and financial information, according to a new survey by the American Institute of CPAs.

Here’s a snapshot of how the ongoing barrage of data breaches is affecting consumers and their trust in the companies that handle their data.
Chart: Wary of breaches
The pace of data breaches and hacks in the U.S. seems to be relentless, with a bumper crop reported in the first part of this year. Over a period of a few days in April, a combination of attacks at several North American companies compromised the data of millions of consumers.

April 1: Hudson’s Bay Co., parent company of Saks Fifth Ave. and Lord & Taylor, announced a breach affecting 5 million debit card records used in its stores. Online systems were not involved in the attack, connected to a well-known cybercrime outfit called Joker’s Stash.

April 2: Panera Bread disclosed a breach exposing personally identifiable information and partial credit card numbers of millions of consumers who had ordered food through the bakery chain’s website. A security researcher had notified Panera of the problem on Aug. 2, 2017, but Panera initially dismissed the warning as a scam.

April 4: Delta Air Lines, Best Buy, Sears and Kmart were among companies whose customer data was compromised at various levels when hackers breached the systems of San Jose, Calif.-based [24], which provides third-party online customer and chat services for major consumer brands.

Consumers are paying attention. In a recent survey by RSA, 73% of consumers said their awareness of data breaches rose over the last five years (between 2012 and 2017), compared with 19% who said their breach awareness remained the same. Just 3% said they’re less aware of breaches than they were before and 6% weren’t sure. RSA’s report was based on a YouGov online survey of 7,500 consumers in the U.S., U.K., Germany, Italy and France conducted between Dec. 15, 2017 and Jan. 3, 2018.
Chart: Unforgiven
Consumers often change their behavior toward affected organizations following a data breach. Nearly 80% of consumers in RSA’s study said data breaches and hacks caused them to limit the amount of personal information they would share with companies. The majority, 69%, said they have boycotted—or would boycott—companies that fail to protect their data. Sixty-two percent of affected consumers said after an attack is publicized they’re inclined to blame the company, not the hacker.

Forty-five percent of consumers said they feel they have no choice when it comes to sharing their personal data with companies, suggesting growing resentment toward marketers.

If present trends continue, financial institutions and merchants are likely to get more pushback from consumers who don’t trust their organizations to keep their data safe.
Chart: Afraid to shop?
The majority of Americans are concerned that U.S. businesses aren’t doing enough to protect their financial and personal data. Sixty percent of consumers said they’ve been the victim of a scheme to defraud them, or an immediate family member has been a victim, according to a survey sponsored by the American Institute of CPAs. Harris Poll conducted the survey Oct. 12-15, 2017, among a sample of 1,006 adults weighted in demographic proportion to the U.S. population.

Eighty percent of U.S. adults said they’ve changed their behavior based on the threat of cyber breaches affecting credit card and debit card processing systems, a noteworthy fact for financial institutions and merchants trying to drive more electronic transaction volume.

Specific actions consumers are taking in response to ongoing data breaches include monitoring credit and debit card accounts for fraudulent activity (56%), using checks and cash more often (43%), shopping at local stores instead of national retail chains (40%) and reducing online activity, including limiting their presence on social media networks (26%).
Chart: Common scams
When hackers steal consumers’ personal or payment card data, it’s often sold on the dark web to crime rings who deploy the information in a variety of ways.

In AICPA’s survey, 34% of consumers directly involved in a scam said they received a letter, email or phone call from someone impersonating an Internal Revenue Service agent. Six percent said a scammer had obtained a tax refund from the IRS in their name.

Straight card fraud is the next most common type of scam involving stolen data, according to the AICPA’s survey. Twenty-eight percent of scam victims said their credit card number was stolen, and 11% said criminals had opened a new line of credit in their name or experienced account takeover.

Twenty-six percent of fraud victims said they let criminals trick them into sharing account details through email phishing scams, and 10% fell for pyramid or Ponzi schemes.
Chart: The scariest apps
New research sponsored by Kaspersky Lab illuminates consumer perceptions about where their data is at the greatest risk.

Consumers ranked social media sites at the top of mobile apps they’re least likely to trust with their personal data, with 33% expressing doubts about security. (Coincidentally, Kaspersky Lab initiated its research on mobile data trustworthiness three months before Facebook became the subject of congressional inquiries about its data-privacy rules.)

Mobile payments were close behind social media sites on the list of apps consumers don’t trust, with 29% of respondents expressing concerns. A quarter of survey respondents don’t trust banking apps with their data, followed by 17% who don’t trust messaging apps, 13% who don’t trust gaming apps and 12% who are suspicious of the way both shopping apps and ride-sharing apps handle their data. The Kaspersky Lab research was conducted by Opinion Matters among 2,515 North American internet users.