The Year of the Breach - Will it Affect Consumer Shopping Habits in 2015?

Posted by Canh Tran on Sep 3, 2015 9:03:40 AM


As we approached the end of 2014, dubbed “the year of the data breach”, the US had experienced a record high of 783 publicly announced data breaches. You could not turn on the TV, open a newspaper or surf the internet without hearing how globally recognized organizations like Home Depot, JPMorgan Chase, UPS, Target and many more fell victim to a breach. Consumers experienced data breach fatigue and started to become unfazed as breach after breach was uncovered. With the 2015 holiday season nearing, analysts are looking to see if 2014’s stretch of breaches will affect consumer shopping habits in 2015.

This post was first published on The Paypers.

From a public awareness standpoint, most consumers are only aware of high profile breaches like those involving Target and Home Depot. But, beyond the big breaches you read about in the media, the majority of consumers remain unaware of other data breaches that involve large numbers of records being comprised. While it is safe to assume that the person has made a transaction with a payment card at a major retailer, we decided to take a closer look at the true likelihood of a cardholder being involved in some of the larger breaches over the last year.

Ten Biggest Breaches

Thanks to our friends at the Identity Theft Resource Center, we have selected ten of the largest data breaches in the last twelve months and looked at the total number of compromised records in each of the breaches.

Organization Name

Date of Public Announcement

Number of Records Exposed

Anthem Insurance Companies



Home Depot



Ashley Madison



U.S. Office of Personnel Management



Premera Blue Cross



Anthem Insurance Companies (Non-customers)



U.S. Office of Personnel Management



Adult Friend Finder






CareFirst Blue Cross Blue Shield




Total Number Of Records Exposed: 223,460,000 records

As shown above, over 223 million records were compromised in these top ten data breaches involving organizations from a variety of industries. These data breaches compromised personally identifiable information (PII), protected health information (PHI) or payment information for each one of the affected individuals. It is important to mention here that consumers are still at risk for identity theft when their PII or PHI has been stolen without payment information.

How Many Of Us Are Exposed?

When looking at the probability that a US cardholder was involved in any one of these breaches, we found that an astonishing 64% of US consumers have been involved in at least one of these ten breaches. When looking at the bigger picture, this is clearly an underestimate of how bad the situation truly is. There are many other breaches that did not make this top list, so it is safe to infer that almost every American has been touched by a data breach at some point.

Security Measures Every Consumer Should Take

As a consumer, is there something that can be done to avoid being involved in these massive data breaches? Telling consumers to avoid shopping at some of the biggest merchants in the country or to only use cash is a difficult ask. And even if someone can follow those strict guidelines, that does not exclude data breaches that involve protected health information (PHI) like the breaches that occurred at Anthem Insurance Companies and the Office of Personnel Management.

We are often left at the mercy of the merchants we transact with and their suite of security tools to help prevent and mitigate the damage from a data breach. We rely on our financial institutions and the fraud analysts they employ to work tirelessly to protect us from fraudulent transactions while not disturbing our spending habits. But are they doing enough, and what else can be done? Here are four security tips that you should be practicing today to help better protect yourself from the effects of a data breach.

1. Set Up A Security Freeze On Your Credit Report

If you are one of the many Americans affected by a data breach, placing a security freeze on your credit reports can also protect you from future fraud. Not to be mistaken with a fraud alert, which only alerts you of suspicious activity surrounding your credit history. However, if the data breach involved Social Security numbers, fraudsters can easily take over your existing accounts. A security freeze prevents future lenders from seeing your credit score or report, making it more difficult for identity thieves to open new credit accounts under your name.

2. Utilize A Password Manager

Use a password manager like Sticky Password or Dashlane to keep track of all of your passwords for the websites you visit regularly. When possible, let the manager suggest your passwords. Although it will be near impossible to remember a randomly generated password, rest assured that it will be just as hard for fraudsters to guess it. Do not forget to run a password audit every few months to make sure your password "hygiene" is good. Using the same password for multiple websites only increases your risk of compromising multiple accounts after a breach has occurred.

3. Set Up Banking Alerts

It is not an easy task to monitor your transactions every day for suspicious activity, let alone weekly. So for those moments when we cannot be as vigilant as we would like to be, setting up banking alerts for your phone or e-mail can prevent possible fraudulent activity. For example, you can set up an alert for when a transaction meets certain criteria, such as a purchase under a certain dollar amount.

Fraudsters like to test out stolen payment cards by going to a gas station or convenience store and charging a small amount that is often overlooked by consumers, thus ensuring that the card is valid for future fraudulent use. Shortly after, they will use the same stolen card to make a major purchase often for gift cards, electronics or other goods that are easy to sell.

4. Monitor Bank Statements

If you are not going through your bank statements weekly or monthly to ensure that the transactions on your account are really yours, you should start doing this… well, yesterday. If you see an error or an unauthorized transaction on your statement, time is of the essence to ensure that you are not the one left responsible for the fraudulent transaction.

Curious to see how much at risk you are to have been involved in a major data breach? The New York Times has put out a great tool to show how many times a consumer has potentially had their personal information exposed or stolen in twenty six of the most well-known data breaches in the past few years.

Fraud is not going away anytime soon and as we have shown above, it is something that affects all of us, whether we know it or not. Following these tips above can help catch a breach before it becomes too damaging.

With the 2015 EMV deadline approaching right before the holiday season, learn about the benefits and downsides to EMV in our white paperEMV Adoption In The U.S.

New Call-to-action


Topics: Industry News, Data Breach Statistics