Less than Half of Consumers Change Passwords Post-Breach
There’s a “shockingly high” disconnect between awareness of best practices following a data breach and actions taken, according to a new study from the Identity Theft Resource Center (ITRC).
The non-profit polled over 1000 US consumers to gauge their understanding of and response to breach incidents involving personal information.
The report found that more than half (55%) of social media users have had their accounts compromised in the past, so there’s generally a high level of awareness about what can be done to enhance personal security.
However, nearly a fifth (16%) of respondents said they took no action following a breach. Less than half (48%) changed affected passwords, and only a fifth (22%) changed all of their passwords.
That’s particularly worrying when 85% admitted to reusing log-ins across multiple accounts, putting them at risk of credential stuffing.
“When asked why they don’t use unique passwords, 52% said it’s too difficult to remember their passwords, 48% don’t trust or know how to use password managers, and 46% don’t think it’s important or believe their password practices are good enough,” the report noted.
Just 3% followed best practice advice following a breach notice and put a credit freeze in