If you’re like me, your sensitive data has been compromised in a data breach—probably multiple times.
An exclusive CNET survey found that 47% of US adults know that their personal data leaked in a cyber attackwith Gen X and Baby Boomers reporting higher levels of leakage of their sensitive data. About half of millennials surveyed said they’ve also been affected by a data breach, while one in four Gen Z respondents say their data has been leaked.
Data breaches happen almost every day for a number of reasons, including phishing attacks by malicious actors, human error, and even employees looking to profit from company data.
The good news is that data breaches do not directly lead to identity theft or fraud. However, this will put you at greater risk of phishing attempts on your personal devices. So it’s up to us to keep your data and identity safe.
CNET’s cybersecurity survey revealed trends in how people reacted after learning about theirs involvement in a data breachwhat scams worry them the most and how they protect their identities online, especially during the busy holiday shopping season.
Key findings
- 84% of respondents take some method to protect their personal data during the holiday season.
- However, 71% of US adults have already taken actions considered unsafe by security experts to protect their personal data in the past year.
- CNET found that 41% of US adults surveyed had used the same password on multiple accounts in the past 12 months. Perhaps more worryingly, one in five adults have also opted out of two-factor authentication in the past year.
- One in five US adults are unsure if their data has been compromised in a cyberattack.
Most people change their passwords after a data breach
The first steps you take after learning that you have been affected by a data breach are critical. Most adults, 68% to be exact, have changed their password after learning of a cyber attack, while another 41% have engaged in two-factor authentication across multiple online accounts.
Other popular responses to having your information exposed in a data breach include placing a fraud alert on credit reports (35%) and registering for identity theft protection (33%).
When a company suffers a data breach, it often sends notifications to potentially affected customers that include free activation codes to protect against identity theft. Coverage typically spans one or two years—depending on the severity of the breach and what personal information was compromised. But you can sign up for identity theft protection yourself after the offer expires.
Protect your privacy and have peace of mind with CNET’s top picks for identity theft software.
One of the best ways to protect yourself after a data breach is not a step most respondents take. Only 27% of US adults said they had their credit frozen after a breach. Credit freezes are free to the public and a great way to prevent identity fraud, experts say. I froze my credit in April and found it to be an easy process.
“Never wait to be notified of a data breach to freeze your credit,” said Adam Levine, author and co-host of the What the Hack podcast with Adam Levine. “If your credit is frozen, no one can access your credit files. This means that it is impossible for anyone – including you – to open a new credit account until your file is unfrozen.”
Notably, 20% of adults have completely stopped using the company’s services after being affected by a data breach.
Most Americans have bad password habits
While data breaches are out of the customer’s control, how you protect your own data online is something you can manage. It all starts with strong password hygiene.
CNET found that 41% of US adults surveyed had used the same password on multiple accounts in the past year. It is a practice that makes you susceptible to filling out certificates by cybercriminals – where they gain access to one account and test the same credentials elsewhere.
For this reason, experts recommend using a unique password for each of your online accounts. If that sounds too difficult, a password manager can help.
“With a password manager, you don’t have to remember any of your passwords because the software stores them all for you in secure storage and can fill them in automatically when you sign in to your accounts,” said Attila Tomaszek, CNET staff writer and digital privacy expert.
A password manager can monitor the dark web for compromised credentials and notify you of data breaches so you can update your passwords if they’re exposed, he added.
Perhaps more worryingly, one in five adults have also opted out of two-factor authentication in the past year. Many financial institutions and retailers will periodically send push notifications or text codes to your phone to verify your identity or if you’ve signed into your account from a new device. This extra layer of security can keep cybercriminals at bay and alert you if someone tries to do so access your account.
“This may seem a little awkward and add a few extra seconds to the sign-in process, but it’s worth it,” said Neil O’Farrell, a cybersecurity expert and Member of CNET’s Expert Review Board.
Cybersecurity is top of mind for shoppers this holiday season
The holidays bring a lot of cheer, but also an increased risk of falling for a scam that can ruin your merry mood.
Overall, 84% of respondents said they are taking some extra security measure when buying gifts this year. While some shoppers will only buy in person, nearly half of adults (48%) say they will only shop from reputable websites. Many (43%) also choose to buy directly from mobile apps like Amazon, Walmart, Target and Etsy to avoid being lured to fake websites.
Thirty-seven percent of holiday shoppers will also strengthen password hygiene by taking steps such as enabling two-factor authentication on new accounts or using unique passwords, a password manager or access key.
Fewer said they would check whether a website has “https” encryption (31%) or use a digital wallet as Apple Pay or Google Wallet and Samsung Wallet (24%). Digital wallets use tokenizationwhich in plain language prohibits the merchant from viewing or storing your actual card information. If this merchant is hacked in the future, your card information will remain safe.
No-delivery scams worry buyers the most
As fraud increases, 66% of Americans are concerned fall victim to fraud this holiday season and beyond.
About a quarter of respondents fear undelivered package fraud the most. These scams involve scammers sending an email or text that looks like it’s from UPS or FedEx, that includes a fake shopping notification or claims there’s a delivery problem. The goal is simply to steal your personal or financial information after you click on the provided link.
“The best thing to remember is to just skip the links and definitely any attachments in these messages,” said Bree Fowler, senior writer for cybersecurity and digital privacy at CNET. “Instead, go directly to the shipper’s website (UPS, USPS, FedEx.) and enter your pinning information. If the message appears to be from a retailer you work with, go straight to their app or website.”
Package scams are always big this time of year, with more people shopping online for the holidays. Shoppers spent a total of $13.3 billion on Cyber Monday alone this year, up 7.3 percent year over year, according to Adobe.
One in five Americans also fear being defrauded by customer support scams, where a fraudster pretends to work at a legitimate institution and convinces you to share your account information. Other common scams that people are afraid of falling for include charity scams, gift card rip off scams and romantic scams.
Also, with tax season right around the corner, you should also file your taxes early to avoid tax return fraud and be careful not to get scammed by a scammer claiming you owe money to the IRS.
If you ever receive an unsolicited call or message, hang up and call the company or federal agency directly using the number on its official website to confirm the validity of the communication.
“Never identify yourself to anyone who contacts you, even if you think it’s someone in authority at a government agency or organization you’re associated with,” Levin said.
Scammers often come after you by instilling a false sense of urgency in their requests. Don’t fall for it. Instead, take the time to think about what’s going on so you don’t accidentally make it easy for a fraudster to get their hands on your sensitive data or money.
“Crime is like any business, and criminals only have so much time they can devote to a particular target before they judge it to be unprofitable,” O’Farrell told CNET. “The harder you make it difficult for them and the more you thwart their attempts, the faster they’ll move on.”
Methodology
CNET commissioned YouGov Plc to conduct the survey. All figures, unless otherwise stated, are from YouGov Plc. The total sample size was 2518 adults. The fieldwork was carried out between 4-7 November 2024. The survey was conducted online. Figures are weighted and representative of all US adults (ages 18 and older).
