Data breaches do more than expose consumers’ personal information to criminals, they cause consumers to lose trust that they will be protected by businesses, financial institutions and the government, according to a new survey from the National Consumers League and Javelin Research.
NCL and Javelin interviewed identity fraud victims in Chicago, Los Angeles, Miami and Minneapolis, finding that the vast majority had also received notice of a data breach involving their information. The report revealed that in 2013, one in three data breach victims also had their identity stolen, compared to one in nine data breach victims in 2010.
“It is evident that data breaches have become part of the public consciousness, specifically in their role in facilitating identity fraud,” NCL stated in the report. “This has severe implications for all stakeholders, as affected consumers are holding a variety of organizations accountable for failing to protect their PII from being compromised, bought, sold, and misused by fraudsters, hackers, and other criminal entities. Changing the status quo is critical to maintaining consumer trust in an environment where PII is successfully stolen en masse, on an all too regular basis.”
Victims of identity fraud also do not differentiate between financial institutions and businesses when apportioning blame for data breaches, according to this survey. Businesses tend to experience a more significant loss of consumer confidence than banks or other financial institutions. Fifty-two percent of fraud victims said that businesses should be held accountable, compared to 48 percent for banks.
“Only 10% of victims whose PII was breached at a retailer were very confident that the organization could protect them from future fraud,” said NCL. Social Security numbers were found to be the PII most frequently poached by criminals, although credit card data are the most common targets.
However, the NCL also analyzed reactions to state and federal laws on data breach and found that consumers feel the government should be taking a more active hand in protecting their data. The organization advised “immediate and comprehensive” data breach notification laws. Most state laws allow for delayed notification of breaches; the survey showed that 90% of fraud victims want laws to mandate quicker action.
“Victims expect the federal government to ensure that businesses adhere to data security standards, while at the same time they believe that existing regulations are generally insufficient,” said NCL. “Tacit support from victims for stronger federal protections has joined the chorus of voices from the financial industry who had supported changes to previously proposed legislation. While the passage of a national data breach law has remained elusive, the damage that breaches represent to the integrity of consumer identities and the success of businesses might prove too difficult for legislators to continue to ignore.”
NCL pointed out that data breaches most frequently produce identity theft, but following notification laws could prevent multiple instances of fraud against one individual. However, the survey found that many fraud victims (over a third) don’t take action to prevent further fraud on their own. NCL and Javelin’s research also indicated that most consumers don’t know where to look for assistance after an identity fraud event.