If you’re like me, then your sensitive data has been compromised in a data breach — probably multiple times.
An exclusive CNET survey found that 47% of US adults know that their personal data was leaked in a cyberattack, with Gen X and Baby Boomers reporting higher levels of their sensitive data being leaked. About half of millennials surveyed said they have also been impacted by a data breach while one in four Gen Z respondents say their data was leaked.
Data breaches happen almost every day for a number of reasons, including phishing attacks by malicious actors, human error and even employees looking to profit from company data.
The good news is data breaches don’t directly result in identity theft or fraud. It will, however, put you at greater risk of phishing attempts on your personal devices. So it’s on us to keep our data and identity safe.
CNET’s cybersecurity survey uncovered trends in how people responded after learning of their involvement in data breach, what scams worry them the most and how they are protecting their identities online, especially during the busy holiday shopping season.
Key takeaways
- 84% of respondents are taking some sort of method to protect their personal data this holiday season.
- However, 71% of US adults have already taken actions deemed dangerous by security experts in safeguarding their personal data in the past year.
- CNET found that 41% of US adults surveyed have used the same password across multiple accounts in the last 12 months. Arguably more concerning is that one in five adults have also unenrolled in two-factor authentication in the last year.
- One in five US adults are unsure if their data has been compromised in a cyberattack.
Most people change their passwords after a data breach
The first steps you take after learning you’ve been impacted by a data breach are crucial. Most adults, 68% to be exact, have changed their password after learning of a cyberattack, while another 41% enrolled in two-factor authentication across multiple online accounts.
Other popular responses to having your information exposed in a data breach include placing a fraud alert on credit reports (35%) and signing up for identity theft protection (33%).
When a company suffers a data leak, they often mail notices to potentially impacted customers, which include free activation codes for identity theft protection. The coverage typically spans one or two years — depending on the severity of the breach and what personal info was compromised. But you can sign up for identity theft protection on your own after the offer expires.
One of the best ways to protect yourself after a data breach wasn’t a step most respondents took. Only 27% of US adults said they froze their credit following a breach. Credit freezes are free to the public and are a great way to thwart identity fraud, experts say. I froze my credit in April and found it to be a simple process.
“Never wait to be notified of a data breach to freeze your credit,” said Adam Levin, author and co-host of the podcast What the Hack with Adam Levin. “If your credit is frozen, no one can access your credit files. This means that it is impossible for anyone – including you – to open a new credit account until your file is thawed.”
Notably, 20% of adults completely stopped using a company’s services after being impacted by a data breach.
Most Americans have bad password habits
While data breaches are out of a customer’s control, how you protect your own data online is something you can manage. It all starts with strong password hygiene.
CNET found that 41% of US adults surveyed have used the same password across multiple accounts in the past year. This is a practice that leaves you susceptible to credential stuffing by cybercriminals — whereby they gain access into one account and test those same credentials elsewhere.
Experts, for this reason, recommend using a unique password for each of your online accounts. If that sounds too difficult, a password manager can help.
“With a password manager, you don’t have to remember any of your passwords because the software stores all of them for you in a secure vault and can autofill them when you login to your accounts,” said Attila Tomaschek, CNET staff writer and digital privacy expert.
A password manager can monitor the dark web for compromised credentials and notify you of data breaches, so you can update your passwords, if they get exposed, he added.
Arguably more concerning is that one in five adults have also unenrolled in two-factor authentication in the last year. Many financial institutions and retailers will periodically send push notifications or text codes to your phone to verify your identity or if you’ve logged onto your account from a new device. That extra layer of security can help keep cybercriminals out and alert you if someone is trying to gain access to your account.
“This might feel a little inconvenient and add a few extra seconds to the login process, but it’s well worth it,” said Neal O’Farrell, a cybersecurity expert and CNET expert review board member.
Cybersecurity is top of mind for shoppers this holiday season
The holidays bring lots of cheer, but also an increased risk of falling for a scam that can ruin your jolly mood.
Overall, 84% of people surveyed said they’re taking some form of extra security measure this year when buying gifts. While some shoppers will be buying only in person, nearly half of adults (48%) said they will shop only on reputable websites. Many (43%) are also choosing to buy directly from mobile apps like Amazon, Walmart, Target and Etsy to avoid being lured to fake websites.
Thirty-seven percent of holiday shoppers will also be strengthening password hygiene by taking steps such as enabling two-factor authentication on new accounts or using unique passwords, a password manager or a passkey.
Fewer said they would check that a website has “https” encryption (31%) or use a digital wallet like Apple Pay or Google Wallet and Samsung Wallet (24%). Digital wallets use tokenization, which in layman’s terms prohibits a retailer from viewing or storing your actual card information. If that retailer is hacked in the future, your card information will remain safe.
Non-delivery scams worry shoppers the most
With fraud on the rise, 66% of Americans are worried about falling victim to a scam this holiday season and beyond.
About one quarter of respondents are most afraid of non-delivery package scams. These fraudulent schemes involve scammers sending an email or text that looks like it’s from UPS or FedEx that includes a fake shopping notification or claims there’s a problem with a delivery. The intent is simply to steal your personal or financial information after you click the provided link.
“The best thing to remember is to just skip the links, and definitely any attachments, in these messages,” said Bree Fowler, senior cybersecurity and digital privacy writer at CNET. “Instead, go straight to the shipper’s website (UPS, USPS, FedEx.) and enter your tacking info. If the message looks to be from a retailer you do business with, go straight to their app or website.”
Package-related scams are always big this time of year, with more people shopping online for the holidays. Shoppers spent a total of $13.3 billion on Cyber Monday alone this year, up 7.3% year-over-year, according to Adobe.
One in five Americans additionally fear being duped by customer support scams where a fraudster pretends to work at a legitimate institution and convinces you to share your account information. Other common scams people are scared of falling for include charity scams, gift card draining scams and romance scams.
Additionally, with tax season right around the corner, you should also file your taxes early to avoid tax return fraud and watch out for being scammed by a con artist claiming you owe the IRS money.
If you ever receive an unprompted call or message, hang up and call the company or federal agency directly using the number on its official website to confirm the validity of the communication.
“Never authenticate yourself to anyone who contacts you, even if you believe they are someone of authority at a government agency or an organization with which you have a relationship,” Levin said.
Scammers often prey on you by instilling a false sense of urgency in their requests. Don’t fall for this. Instead, take time to think through what’s happening so you don’t accidentally make it easier for a scammer to get their hands on your sensitive data or money.
“Crime is like any business and criminals have only so much time they can devote to a particular target before they deem it unprofitable,” O’Farrell told CNET. “The harder you make it for them and the more you frustrate their attempts, the quicker they’ll move on.”
Methodology
CNET commissioned YouGov Plc to conduct the survey. All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2,518 adults. Fieldwork was undertaken between Nov. 4-7, 2024. The survey was carried out online. The figures have been weighted and are representative of all US adults (aged 18 and older).