There is a dizzying array of internet security concerns to stay on top of as a digital citizen: making sure your passwords are secure, your contact information is controlled, your IP address and browser activity are masked, etc. For those looking to step up their personal internet security, a data-driven priority checklist could be handy.
HaveIBeenPwned.com is a website that tracks data breaches from companies and web services around the world, with incidents going back as far as 2007 and affecting billions of users. We accessed their API to retrieve a list of all the breaches they’ve identified and to determine what type of user information is most often stolen and sold.
We also surveyed 1,007 Americans to discover their experiences, perceptions, and concerns about data breaches. Using this data, we can provide an action priority list: Should people invest in a VPN or a password manager first? We can also look at the characteristics of sites that have been breached: Which services are most likely to be breached?
First, we took a look at the number of data breaches since 2007, and the most likely times of the year they occur.
Since 2007, over 11 billion users have been affected by breaching events. Breaches began a dramatic ascent starting in 2011. The worst year on record, so far, by number of data breaches occurred during 2016 with 2,250 recorded breaches. Three industries accounted for 95% of these: technology (68%), government (16%), and retail (11%).
Likelihood of data breaches vary based on day of the week and season. You are more likely to succumb to a data breach on a Monday or Thursday (both 16.9%) than on a Sunday (9.5%). Seasonally, wintertime data breaches (31.1%) are most common, while fall’s are least (20.2%). So, if you don’t change passwords often, the beginning of December would be an excellent time. However, it is advised to change them more frequently.
Passwords (81%) are the number one thing leaked via data breaches, making it even more essential to add frequent password changes to the top of your internet security checklist. Usernames, full names, and IP addresses were also commonly breached. Website activity and geographic location were less likely. But these are already commonly tracked through social media and other apps to be sold to third parties.
What personal data did our respondents report being leaked and what online-related actions could have played a role in the breach?
Over half (63%) of the 1,007 respondents reported being involved in a data breach, and 8% were unsure if they’d been. Baby boomers (14%) were the least likely to know if their data had ever been hacked, compared to Gen Xers (9%) and millennials (8%). Conversely, baby boomers (55%) had less reported data leaks than Gen Xers and millennials (both 63%). This could be due to their lack of knowledge from previous breaches or less frequent social media usage compared to younger generations.
The highest reported leaked information was credit cards (60%). This justifies why 89% of individuals surveyed said they were at least somewhat concerned about using sensitive data on the internet. Sensitive data can consist of banking information, credit cards, and Social Security numbers. Unadvised internet citizen actions that could have contributed to these breaches include using the same password for more than one platform. Many of the other top responses involve passwords and where they are saved. There are best practices to safely record them online or with paper-based systems. It was less common to open links from unknown senders or download files from unfamiliar websites because they may contain malware.
Respondents were polled about their knowledge of data security techniques and asked what steps they take to protect their data online.
Unfortunately, 66% of respondents said new data security techniques make securing their data more complicated. They had the most familiarity with multifactor authentication, which is not a new tool. Overall knowledge of data security and VPNs ranked lowest. VPNs, an even older security technique created by Microsoft in 1996, create a virtual private network more secure than public Wi-Fi or mobile hot spots.
Even though respondents took time to secure their data online, 64% felt they’d be more likely to incur additional data breaches in the future. The top five habits of people that have not had data leaked included the following:
Across generations, most agreed (69%) that digital privacy is very important. But baby boomers valued their digital privacy (80%) higher than younger generations, demonstrated through less social media use and lower instances of falling victim to a data breach. Millennials and Gen Xers were most worried about a Facebook hack, possibly due to the commonality of them – Facebook and Yahoo breaches are responsible for impacting the largest number of people.
Baby boomers were most concerned about a financial account being leaked and also had higher concerns about email and work account breaches, compared to their younger counterparts who may be less established in their careers. HaveIBeenPwned.com, the resource used to gather information on data breaches, offers a tool to check if your email has been compromised.
Data breaches have unfortunately become commonplace. However, if you follow the steps below that were outlined above in detail, you’ll be in a better position to thwart threats to your digital privacy:
If you want to learn more about data privacy and how to keep your information secure, check out the knowledge base at RouterNetwork.
This study uses data from a survey of 1,007 people located in the U.S. Survey respondents were gathered through a bespoke online survey platform where they were presented with a series of questions, including attention-check and disqualification questions. 56.5% of respondents identified as men, while 43.5% identified as women. Respondents ranged in age from 18 to 81 with an average age of 37. 31.2% of respondents were millennials, 25.7% were Gen Xers, 20.5% were baby boomers, and 22.6% were Gen Zers. Participants incorrectly answering any attention-check question had their answers disqualified. This study has a 3% margin of error on a 95% confidence interval.
Please note that survey responses are self-reported and are subject to issues, such as exaggeration, recency bias, and telescoping.
This study also utilizes data from HaveIBeenPwned.com via their API. We utilized their API to retrieve a list of all the breaches they’ve identified and to determine what type of user information is most often stolen and sold.
Unlike an unwanted data breach, we welcome sharing this study’s findings. All we ask is that you use the information for noncommercial purposes and give credit by linking back to our study.