Concern But No Action: Consumers' Reactions to the Equifax Data Breach

Authors:
Yixin Zou

University of Michigan, Ann Arbor, MI, USA

University of Michigan, Ann Arbor, MI, USA
View Profile

,
Florian Schaub

University of Michigan, Ann Arbor, MI, USA

University of Michigan, Ann Arbor, MI, USA
View Profile

CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing SystemsApril 2018Paper No.: LBW506Pages 1–6https://doi.org/10.1145/3170427.3188510

Published:20 April 2018Publication History

CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems

Pages 1–6

ABSTRACT

Following the 2017 Equifax data breach, we conducted four preliminary interviews to investigate how consumers view credit bureaus and the information flows around these agencies, what they perceive as risks of the Equifax breach, and how they reacted in practice. We found that although participants could properly articulate the purpose of credit bureaus, their understanding of credit bureaus' data collection practices was divided and incomplete. Although most of them conceptualized identity theft as the primary risk of data breaches disclosing credit information, and noted a lack of trust/self-efficacy in controlling their data collected by credit bureaus, they did not take sufficient protective actions to deal with the perceived risks. Our findings provide implications for the design of future security-enhancing tools regarding credit data, education and public policy, with the aim to empower consumers to better manage their sensitive data and protect themselves from future data breaches.

References

Ben Berliner. 2017. Equifax breach drives legislative push on data privacy. (2017). https://fcw.com/articles/2017/10/23/databreach-legislation-berliner.aspx.Google Scholar
Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, and Saranga Komanduri. 2011. Bridging the gap in computer security warnings: A mental model approach. IEEE Security &Privacy 9, 2 (2011), 18--26. Google ScholarDigital Library
L. Jean Camp. 2009. Mental models of privacy and security. IEEE Technology and Society Magazine 28, 3 (2009).Google ScholarCross Ref
Federal Trade Commission. 2017. The Equifax Data Breach. (2017). https://www.ftc.gov/equifax-data-breach.Google Scholar
Ponemon Institute. 2014. The Aftermath of a Data Breach: Consumer Sentiment. Technical Report. https://www.ponemon.org/local/upload/file/Consumer%20Study%20on%20Aftermath%20of%20a%20Breach%20FINAL%202.pdf.Google Scholar
Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. "... No one Can Hack My Mind" Comparing Expert and Non-Expert Security Practices.. In SOUPS, Vol. 15. 1--20.Google Scholar
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. My data just goes everywhere: user mental models of the internet and implications for privacy and security. In Proc. of the 11th Symposium On Usable Privacy and Security (SOUPS). 39--52.Google Scholar
Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers &Security 64 (2017), 122--134. Google ScholarDigital Library
Annamaria Lusardi and Olivia S. Mitchelli. 2007. Financial literacy and retirement preparedness: Evidence and implications for financial education. Business economics 42, 1 (2007), 35--44.Google Scholar
Maureen Mahoney. 2014. Errors and Gotchas: How Credit Report Errors and Unreliable Credit Scores Hurt Consumers. Technical Report. http://consumersunion.org/wp-content/uploads/2014/04/Errors-and-Gotchas-report.pdf.Google Scholar
Lennart Sjöberg. 2000. Factors in risk perception. Risk analysis 20, 1 (2000), 1--12.Google Scholar
Rick Wash. 2010. Folk models of home computer security. In Proc. of the 6th Symposium on Usable Privacy and Security. ACM, 11. Google ScholarDigital Library
Suzanne Woolley. 2017. Few Americans Are Freezing Their Credit After the Equifax Hack. (2017). https://www.bloomberg.com/news/articles/201710-06/few-americans-are-freezing-their-creditafter-the-equifax-hack.Google Scholar
Yaxing Yao, Davide Lo Re, and Yang Wang. 2017. Folk Models of Online Behavioral Advertising. In Proc. of the 2017 ACM Conf. on Computer Supported Cooperative Work and Social Computing (CSCW). 1957--1969. Google ScholarDigital Library

Index Terms

Concern But No Action: Consumers' Reactions to the Equifax Data Breach
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Awareness, Intention, (In)Action: Individuals’ Reactions to Data Breaches
Data breaches are prevalent. We provide novel insights into individuals’ awareness, perception, and responses to breaches that affect them through two online surveys: a main survey (n = 413) in which we presented participants with up to three breaches ...
Read More
The Privacy Paradox in HCI: Calculus Behavior in Disclosing PII Online
HCI in Business, Government and Organizations. Information Systems and Analytics
Abstract
The Privacy Paradox is an information privacy behavioral phenomenon wherein individuals are aware that the personally identifiable information (PII) they disclose in an online transaction may be compromised, yet disclose it nonetheless. One ...
Read More
The privacy paradox Investigating discrepancies between expressed privacy concerns and actual online behavior A systematic literature review

This paper presents a systematic literature review discussing the privacy paradox.Users are concerned about their privacy but undertake little to protect their data.Risk-benefit evaluation or little risk assessment drives information disclosure.Design ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems
April 2018
3155 pages
ISBN:9781450356213
DOI:10.1145/3170427
General Chairs:
Regan Mandryk
University of Saskatchewan, Canada
,
Mark Hancock
University of Waterloo, Canada
,
Program Chairs:
Mark Perry
Brunel University London, UK
,
Anna Cox
University College London, UK
Copyright © 2018 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 20 April 2018
Check for updates
Author Tags
credit bureaus
data breach
mental model
privacy paradox
protective behavior
risk perception
user-centered design
Qualifiers
- abstract
Conference

Acceptance Rates
CHI EA '18 Paper Acceptance Rate1,208of3,955submissions,31%Overall Acceptance Rate6,164of23,696submissions,26%
More
Upcoming Conference
CHI '24

Sponsor:

sigchi

CHI Conference on Human Factors in Computing Systems

May 11 - 16, 2024

Honolulu , HI , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 11
  Total Citations
  View Citations
- 1,774
  Total Downloads
- Downloads (Last 12 months)537
- Downloads (Last 6 weeks)118
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Concern But No Action: Consumers' Reactions to the Equifax Data Breach

CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Awareness, Intention, (In)Action: Individuals’ Reactions to Data Breaches

The Privacy Paradox in HCI: Calculus Behavior in Disclosing PII Online

The privacy paradox Investigating discrepancies between expressed privacy concerns and actual online behavior A systematic literature review