Too many people respond with a shrug and maybe change their password. That’s asking for trouble.
3 min
How do consumers respond when their online accounts are exposed to hackers? Many of them simply don’t.
Data breaches at major firms have become all too common, with more than 110 million user accounts exposed in just the second quarter of 2023. Yet our research found that nearly two-thirds of U.S. consumers would return to a site after they were notified of a breach—with only the bare minimum of precautions, like changing their passwords.
Almost a quarter of the roughly 200 people we surveyed said they would return to the compromised website with no changes to their behavior at all. Only 10% said they wouldn’t go back.
Even people who had cybersecurity training within the past 90 days—in other words, people who should be primed to protect themselves—took risks. In this subsequent study, over a quarter of roughly 500 people said they would return to the breached website while taking the absolute minimum security measures, and only about 9% would take more-complicated steps such as setting up two-factor authentication. And they would do that only if they experienced real financial consequences, like fraudulent charges on their credit cards.
Why wouldn’t people protect themselves? Many of the consumers we surveyed believed that there were few—if any—alternatives to the websites they used frequently, and all websites seemed to be affected by data breaches. Why bother beefing up security? Likewise, some people said they would stick with a compromised site because they had put so much time and effort into their presence on it—a classic sunk-cost fallacy.
Since doing nothing may put your finances and personal information at risk, what should you do in case of a breach? Based on my experience as a researcher in this domain and guided by input from customers recovering from data breaches, I recommend the following actions.
Take each data-breach notification seriously. Immediately change passwords on the affected sites and sign up to follow the updates from the breached firm. This is also a good time to ensure your passwords are unique and not being used across several sites.
Find out what kind of breach it is. Some breaches violate your privacy—such as stealing your playlist or viewing preferences—but may not be as damaging as other hacks. So they may just require a simple password change on the affected site. Even the breach of encrypted password data, such as in the LastPass data breach, while serious, isn’t an immediate threat.
On the other hand, things like compromised credit-card numbers, financial data and personally identifiable information need stronger attention. Even seemingly innocuous breaches of social-media networks may reveal data that can be used to impersonate you and perhaps be used to invade the privacy of those around you. For instance, hackers might be able to figure out your “forgot password” questions on websites by learning where you grew up, the names of your pets and more.
Set up push notifications for financial data. When you’re notified of data breaches that involve credit cards or payment information, review the transactions on the affected accounts, going back to the previous payment period. Whether or not there has been unusual activity, protect yourself by adding mobile push notifications for credit-card transactions—an option offered by most credit cards, online-payment mechanisms and banks. Most notifications happen in real time, so consumers affected by data breaches can quickly identify and contest improper charges.
Use free credit monitoring. Some credit cards and banking firms such as Discover and Chase provide free monitoring of consumer credit and provide monthly updates of noteworthy events and changes. Some go further and provide benefits such as removal of your personally identifiable information found on public sites, including data brokers. Using these services is an easy way to identify and report fraudulent activity, as well as protect against identity theft—so review this data regularly if your information has been exposed.
Enable dual-factor authentication on all of your accounts. This is a good practice in general but is especially important for anyone affected by data breaches. With dual-factor authentication, you enter your password as usual but then confirm your identity using a personal device, typically a mobile phone. This limits someone from logging into the account with a stolen password.
Along with enabling dual-factor authentication, there are a number of steps you should take in the event of a social-media breach.
First, change the password and log in with the new one. Check the login-activity page to see if anyone other than you has logged in, and then look for the option to delete all other active sessions—so every other device that is currently logged in is effectively logged out.
Also review all direct messages, posts, and comment activity on the account, and report anything suspicious. If it affects other people, let them know. Finally, pause or temporarily deactivate the account, if that is an option, to make it even tougher for hackers to get access.
Rajendran Murthy is the J. Warren McClure Research Professor of Marketing at the Rochester Institute of Technology’s Saunders College of Business.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
Following the successful launch of its Palais Collection, MAISON de SABRÉ has unveiled a new modular handbag system offering more than 720 styling combinations.
Automobili Lamborghini and Babolat have expanded their collaboration with five new colourways for the ultra-exclusive BL.001 racket, limited to just 50 pieces worldwide.
With US$40 million already committed, the Global Talent Fund is attracting investor attention with a strategy focused on building globally scalable consumer brands alongside high-profile talent.
2 min
A new investment fund targeting celebrity-founded consumer brands has secured US$40 million in commitments and is rapidly approaching its US$50 million fundraising target, signalling growing investor appetite for alternative opportunities beyond traditional asset classes.
The Global Talent Fund, which has a maximum raise of US$100 million, focuses on building and investing in consumer businesses alongside celebrities, athletes, and influential personalities who play an active role as co-founders rather than simply endorsing products.
The strategy is based on the belief that changes in consumer behaviour, particularly the rise of social media and digital engagement, have fundamentally altered how brands are built and scaled.
GTF founding partner Jeremy Hunt, who is helping lead the fund’s strategy, said consumers increasingly feel connected to personalities they follow online and are more willing to support products developed by those individuals.
“Consumers are searching for content to engage with, and when a celebrity they like or follow takes them on the journey of creating a product or brand, they genuinely feel part of that process,” he said.
The fund is targeting high-growth consumer sectors including wellness, hydration, beauty and recovery, areas Hunt believes continue to benefit from strong global demand and ongoing innovation.
Rather than backing celebrity endorsement deals, the fund is seeking businesses where talent is deeply involved in product development, brand creation and long-term growth.
According to Hunt, authenticity remains one of the biggest differentiators between successful celebrity-backed brands and those that fail.
“The consumer can see clearly if someone is simply being paid to promote a product,” he said. “The winners are typically the brands where the celebrity has genuinely helped build the business from the ground up.”
The model has attracted support from several prominent Australian investors and business families, reflecting broader interest in alternative investments with global growth potential.
Hunt said consumer brands offered a level of tangibility that many investors found appealing.
“Consumer brands are what we touch, feel, smell and taste every day,” he said. “Our investors understand the growth potential in the model, but they also want to be part of the journey.”
The fund’s rapid progress towards its fundraising target comes amid growing recognition that celebrity influence, when combined with strong commercial execution and scalable business models, can create significant enterprise value.
With several high-profile celebrity-founded businesses generating billion-dollar exits in recent years, supporters of the strategy believe the opportunity remains in its early stages.
