71% of American Adults Have Risky Internet Safety Habits This Year, CNET Survey Finds

If you’re like me, then your sensitive data has been compromised in a data breach — probably multiple times.

An exclusive CNET survey found that 47% of US adults know their personal data was leaked during a cyberattack, with Gen X and Baby Boomers reporting the highest rates of their sensitive data being leaked. Nearly half of the millennials surveyed said they were also affected by a data breach while one in four Gen Z respondents said their information had been leaked.

Data breaches occur almost daily for many reasons, including phishing attacks by malicious actors, human error and even employees seeking to profit from company data.

The good news is that data breaches do not directly result in identity theft or fraud. However, it will put you at greater risk of phishing attempts on your personal devices. So it is up to us to keep our data and identity safe.

A CNET cybersecurity survey found trends in how people react after learning about their involvement in a data breach, which scams worry them the most and how they protect their identities online, especially during the busy holiday shopping season.

Important takeaways

• 84% of respondents are taking some form of action to protect their personal data this holiday season.
• However, 71% of US adults have already taken actions that are considered risky by security experts in protecting their personal data in the past year.
• CNET found that 41% of US adults surveyed used the same password for multiple accounts in the past 12 months. More worryingly, one in five adults have also signed up for double verification in the past year.
• One in five US adults are not sure if their data is at risk from a cyber attack.

Many people change their passwords after a data breach

The first steps you take after learning you have been affected by a data breach are important. Most adults, 68% to be exact, have changed their password after learning about a cyberattack, and another 41% have signed up for two-factor authentication for multiple online accounts.

Other popular responses to the disclosure of your information in a data breach include placing a fraud alert on credit reports (35%) and signing up for identity theft protection (33%).

When a company has a data breach, it often sends out notifications to potentially affected customers, including free activation codes to protect against identity theft. Coverage typically takes one or two years — depending on the severity of the breach and what personal information was compromised. But you can sign up for identity theft protection yourself after the offer expires.

Protect your personal data and get peace of mind with CNET’s top picks for identity theft software.

One of the best ways to protect yourself after a data breach was no action taken by the majority of respondents. Only 27% of American adults say they blocked their credit following a breach. Credit closures are free to the public and a great way to prevent identity fraud, experts say. I stopped my credit in April and found it to be an easy process.

“Never wait to be notified of a data breach to freeze your credit,” says Adam Levin, author and host of the podcast What the Hack with Adam Levin. “Once your credit is frozen, no one can access your credit files. This means it’s impossible for anyone – including you – to open a new credit account until your file is frozen.”

Notably, 20% of adults stopped using a company’s services altogether after being affected by a data breach.

Most Americans have bad password habits

While data breaches are out of the customer’s control, how you protect your data online is something you can manage. It all starts with strict password hygiene.

CNET found that 41% of US adults surveyed used the same password for multiple accounts in the past year. This is a practice that leaves you vulnerable to data mining by cybercriminals — where they gain access to one account and check that same information elsewhere.

For this reason, experts recommend using a different password for each of your online accounts. If that sounds too difficult, a password manager can help.

“With a password manager, you don’t need to remember any of your passwords because the software stores them all for you in a secure location and fills them in automatically when you log into your accounts,” said Attila Tomaschek, a CNET staff writer. digital privacy expert.

A password manager can monitor the dark web for compromised credentials and notify you of data breaches, so you can update your passwords, if they’re exposed, he added.

More worryingly, one in five adults have also signed up for double verification in the past year. Many financial institutions and merchants will send periodic notifications or text codes to your phone to verify your identity or if you log into your account from a new device. That extra layer of security can help keep hackers at bay and alert you if someone is trying to access your account.

“This may sound a little intrusive and add a few seconds to the sign-in process, but it’s worth it,” said Neal O’Farrell, a cybersecurity expert and member of CNET’s expert review board.

Cybersecurity is top of mind for consumers this holiday season

The holidays bring great joy, but also an increased risk of falling into a scam that can ruin your happy mood.

Overall, 84% of people surveyed said they are taking some kind of extra precaution this year when buying gifts. While some consumers will only shop in person, nearly half of adults (48%) said they would only shop on reputable websites. Many (43%) also choose to shop directly from mobile apps such as Amazon, Walmart, Target and Etsy to avoid being lured to fake websites.

Thirty-seven percent of holiday shoppers will also strengthen password hygiene by taking steps such as enabling two-factor authentication for new accounts or using a different password, password manager or passcode.

A few said they would check whether a website has an “https” password (31%) or use a digital wallet such as Apple Pay or Google Wallet and Samsung Wallet (24%). Digital wallets use tokens, which in layman’s terms prevent the merchant from viewing or storing your real card information. If that merchant is hacked in the future, your card information will remain safe.

Non-delivery scams are a major concern for consumers

With fraud on the rise, 66% of Americans are worried about becoming a victim of crime this holiday season and beyond.

Almost a quarter of respondents are very afraid of package scams. These scams involve scammers sending an email or text that looks like it’s from UPS or FedEx that includes a fake purchase notification or claims that there’s a problem with a delivery. The aim is simply to steal your personal or financial information after clicking on the provided link.

“The best thing to remember is to skip links, and definitely any attachments, in these messages,” said Bree Fowler, senior cybersecurity and digital privacy writer at CNET. “Instead, go directly to the shipper’s website (UPS, USPS, FedEx.) and enter your billing information. If the message appears to be from a merchant you do business with, go directly to their app or website.”

Package-related scams are always high this time of year, and many people shop online during the holidays. Consumers spent a total of $13.3 billion on Cyber ​​Monday alone this year, up 7.3% year over year, according to Adobe.

One in five Americans are also afraid of being scammed by customer support scams where the scammer pretends to work at a legitimate agency and convinces you to share your account information. Some common scams that people are afraid of falling for include charity scams, gift card scams and romance scams.

Additionally, with tax season right around the corner, you should also file your taxes early to avoid tax fraud and beware of being scammed by a scammer claiming to owe the IRS.

If you receive an unanswered call or message, hang up and call the company or government agency directly using the number on its official website to verify the legitimacy of the communication.

“Never assume the authenticity of anyone who communicates with you, even if you believe they are an authority figure in a government agency or organization you are affiliated with,” said Levin.

Scammers often exploit you by adding a false sense of urgency to their requests. Don’t fall for this. Instead, take some time to think about what’s going on so you don’t make it easy for a scammer to get your sensitive data or money.

“Crime is like any business and criminals have a lot of time to devote to a particular area before they see it as unprofitable,” O’Farrell told CNET. “When you make it difficult for them and when you disrupt their efforts, they will move on quickly.”

How to do it

CNET commissioned YouGov Plc to conduct the research. All figures, unless otherwise stated, come from YouGov Plc. The total sample size was 2,518 adults. The work was done between Nov. 4-7, 2024. Survey conducted online. Figures are weighted and represent all US adults (ages 18 and older).