Russian hackers have stolen over 1.2 billion passwords, but Americans are on alert
Revelations that Russian hackers have stolen 1.2 billion user names and passwords are only the latest in a series of identity theft attacks that are causing US consumers to change their shopping habits. Some are scaling back online purchases, especially at stores known to have had a data breach.
Kacper Pempel/Reuters/File
High-profile identity theft attacks – including revelations this week that Russian hackers had nabbed 1.2 billion user names and passwords from 420,000 websites – have become a major concern for the American consumer and are now having a significant impact on their shopping habits.
They're checking their credit-card reports more often, expanding their use of cash, and scaling back on online purchases, according to a survey conducted with more than 400 individuals by LowCards.com, a credit-card information website. In a worrying sign for companies that report credit-card breaches, half of consumers say they're avoiding buying items from them.
Some 46 percent of respondents were more concerned about identity theft now compared with a year ago, and another 48 percent were equally concerned.
Fifty-two percent said they shy away from stores that have experienced a credit-card data breach. The fear of identity theft is also affecting online sales, with over one-quarter of respondents (26 percent) saying they now limit their online transactions due to identity theft concerns.
Most consumers (56 percent) said they were taking active measures to protect themselves from identity theft. Nearly 4 in 10 respondents (38 percent) claim they are checking their credit report more often than they did a year ago. One-quarter of those surveyed are now using cash for more transactions.
The survey reveals consumers are more concerned about the security of debit cards compared with credit cards: 29 percent of respondents are using debit cards for fewer transactions compared with only 19 percent for credit cards. This may have to do with consumers realizing there are greater protections on fraudulent transactions with credit cards than with debit cards.
The rash of credit card breaches at major retailers such as Target, Neiman Marcus, Michaels, and Sally Beauty seems to have hit home with consumers across America, causing some real concerns.
The thievery was described in a New York Times story based on the findings of Hold Security, a Milwaukee firm that has a history of uncovering online security breaches.
Hold Security didn't immediately respond to inquiries from The Associated Press.
The identities of the websites that were broken into weren't identified by the Times, which cited nondisclosure agreements that required Hold Security to keep some information confidential.
The reported break-ins are the latest incidents to raise doubts about the security measures that both big and small companies use to protect people's information online.
Security experts believe hackers will continue breaking into computer networks unless companies become more vigilant.
"Companies that rely on usernames and passwords have to develop a sense of urgency about changing this," Avivah Litan, a security analyst at the research firm Gartner told the Times.
Retailer Target Corp. is still struggling to win back its shoppers' trust after hackers believed to be attacking from Eastern Europe stole 40 million credit card numbers and 70 million addresses, phone numbers and other personal information last winter.
Alex Holden, the founder and chief information security officer of Hold Security, told the Times that most of the sites hit by the Russian hackers are still vulnerable to further break-ins. Besides filching 1.2 billion online passwords, the hackers also have amassed 500 million email addresses that could help them engineer other crimes, according to Hold Security.
Identity theft is affecting nearly 1 in 5 households. According to the LowCards.com survey, 17 percent of the respondents said they or someone in their household was a victim of identity theft in the last 12 months. Half of those cases were credit-card theft.
The latest US census reported there were 159 million credit-card holders in the country. Extrapolating from the survey results, the data suggests there would be an estimated 13.5 million cases of credit-card identity theft in the United States over the last 12 months. This correlates with a Javelin Research study that showed over 11.6 million people were victims of identity theft in 2011.
The LowCards.com survey consisted of 427 randomly selected individuals from across the United States and took place between June 20 and June 25, 2014.
– Bill Hardekopf is founder of Lowcards.com, an online credit-card information site. Material from the Associated Press was used in this report.