• Corpus ID: 235456991

"Now I'm a bit angry: " Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them

@inproceedings{Mayer2021NowIA,
  title={"Now I'm a bit angry: " Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them},
  author={Peter Mayer and Yixin Zou and Florian Schaub and Adam J. Aviv},
  booktitle={USENIX Security Symposium},
  year={2021}
}
Despite the prevalence of data breaches, there is a limited understanding of individuals’ awareness, perception, and responses to breaches that affect them. We provide novel insights into this topic through an online study ( n =413) in which we presented participants with up to three data breaches that had exposed their email addresses and other personal information. Overall, 73% of participants were affected by at least one breach, 5.36 breaches on average. Many participants attributed the… 

Figures and Tables from this paper

What breach? Measuring online awareness of security incidents by studying real-world browsing behavior

TLDR
The findings highlight two issues: 1) security awareness needs to be increased; and 2) current awareness is so low that expecting users to be aware and take remedial action may not be effective.

"All of them claim to be the best": Multi-perspective study of VPN users and VPN providers

TLDR
This paper conducts a quantitative survey of VPN users in the U.S. and qualitative interviews of nine providers to answer several research questions regarding the motivations, needs, threat model, and mental model of users and the key challenges and insights from VPN providers.

“A Reasonable Thing to Ask For”: Towards a Unified Voice in Privacy Collective Action

People feel concerned, angry, and powerless when subjected to surveillance, data breaches and other privacy-violating experiences with institutions (PVEIs). Collective action may empower groups of

Caring about Sharing: User Perceptions of Multiparty Data Sharing

TLDR
It is shown that users have preferences and that variations in acceptability exist which depend on the nature of the data sharing collaboration, and that users caring about sharing, necessitates more transparent sharing practices and regulations.

Investigating Web Service Account Remediation Advice

TLDR
It is found that highly-ranked websites and sites with a previously disclosed data breach have more complete coverage than other sites and that only 39% of the web services studied provided advice for all phases of account remediation.

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service

TLDR
The first long-term RBA analysis on a real-world large-scale online service is provided and insights are provided on selecting an optimized RBA configuration so that users profit from RBA after just a few logins.

PPA: Preference Profiling Attack Against Federated Learning

TLDR
This work proposes a new type of privacy inference attack, coined Preference Profiling Attack (PPA), that accurately proflles the private preferences of a local user, e.g., most liked (disliked) items from the client’s online shopping and most common expressions from the user’'s sel fies.

References

SHOWING 1-10 OF 100 REFERENCES

"I've Got Nothing to Lose": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach

TLDR
Although many participants were aware of and concerned about the Equifax breach, few knew whether they were affected, and even fewer took protective measures after the breach, it is found that this behavior is not primarily influenced by accuracy of mental models or risk awareness, but rather by costs associated with protective measures.

We're Here to Help: Company Image Repair and User Perception of Data Breaches

TLDR
It is suggested that software design and legal implications to support users protecting themselves and developing better mental models of security breaches, and that organizational communication affects the users' perception of victimization, attitudes in data protection, and accountability.

‘All that Glitters is not Gold’: The Role of Impression Management in Data Breach Notification

Data breaches have become a seemingly unavoidable aspect of the information age for both consumers and organizations. Breaches have tangible consequences, including the increased possibility of

You `Might' Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications

TLDR
This work analyzed data breach notifications sent to consumers with respect to their readability, structure, risk communication, and presentation of potential actions to find that notifications are long and require advanced reading skills.

Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data

TLDR
It is found that users readily understand the risk of data breaches and have consistent expectations for technical and non-technical remediation steps, and participants are comfortable with applications that examine leaked data when the application has a direct, tangible security benefit.

"My religious aunt asked why i was trying to sell her viagra": experiences with account hijacking

TLDR
Results of a survey about people's experiences with and attitudes toward account hijacking suggest compromised accounts are often valuable to victims, and implications for designing security mechanisms to improve chances for user adoption are discussed.

"My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security

TLDR
A qualitative study to understand what people do and do not know about the Internet and how that knowledge affects their responses to privacy and security risks suggests a greater emphasis on policies and systems that protect privacy andSecurity without relying too much on users' security practices.

I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security

TLDR
Interviews of a demographically broad pool of users resulted in several interesting findings, including that negative-security events portrayed in well-crafted fictional narratives with relatable characters may be effective teaching tools for both digital-and physical-security behaviors.

"I Have a Narrow Thought Process": Constraints on Explanations Connecting Inferences and Self-Perceptions

TLDR
Investigation of people’s reactions upon being exposed to inferences found that the evidence participants used to relate the inferences with their self-perceptions was bounded by what they remembered about their own past behaviors in connection with the platform.

Out of Sight, Out of Mind: Consumer Reaction to News on Data Breaches and Identity Theft

We use the 2012 South Carolina Department of Revenue data breach to study how data breaches and news coverage about them affect consumers’ take-up of fraud protections. In this instance, we find that
...