Breach Fatigue? Most Consumers Unaware of eBay, Home Depot Incidents

2014 has been dubbed the year of the data breach, and that appears to be translating into consumer fatigue and tune-out: the majority of them (77%) have already forgotten or are unaware of one of the largest data breaches in history: eBay.

In fact, only the Target and Home Depot data breaches scored higher than 23% in public awareness in a recent survey from Software Advice. This suggests that consumers are fatigued and are starting to tune out headline-worthy breaches.

“The results of our poll suggest that the public may already have reached ‘peak breach,’ responding to most of these stories with a shrug,” said Daniel Humphries, market research associate at Software Advice. “A breach has to be truly massive, and focus on credit cards over other types of data loss, for it to attain any serious level of public awareness. And even then, the Home Depot breach seems to be having less of an impact than the Target breach did—so even the mega-breaches may be having less impact.”

On one hand, this is good news for companies, he pointed out: Security breaches need not have any long-term effect on their fortunes; rather, they act as speed bumps. And yet, public anger at data breaches could act as a strong incentive for firms to improve the quality of their security; in its absence, that incentive may be lacking.

Also, “If the public is unconcerned about the wholesale leakage of sensitive data by firms to which they have entrusted it, it seems unlikely they will be doing much to protect their own identities and card details online,” Humphries pointed out.  

Occurring in February of this year, eBay went public with its breach in May, when it advised all 145 million of its users to update their passwords and admitted that hackers had infiltrated an internal eBay corporate account. Compromised data from the hack included user names, email addresses, physical addresses, phone numbers and dates of birth. The hackers were also able to access passwords, although these were encrypted.

“A staggering 77% of respondents were unaware of what was billed as one of the biggest data breaches in history,” Humphries said. He added, “However, [hackers] did not lay their hands on credit card numbers—so, although there was an initial wave of grandiose headlines, the mega-breach faded from view quite quickly. Not only that, but as we mentioned at the start, the firm’s profits actually rose.”

In contrast, the Target breach remains in the public consciousness: only 30% of respondents were unaware of it. But the survey showed that 42% of respondents remain unaware of the Home Depot breach, despite it being recently front-page news and the fact that it was much larger than the Target’s.  

“Perhaps, indeed, breaches are becoming normalized,” Humphries said

What’s Hot on Infosecurity Magazine?