Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
● Title page (project title, team member names, etc.)
● Introduction
○ Problem statement
○ Significance and purpose of the study
○ RQs
● Methods
○ Data collection method(s)
● The group collected surveys though two different ways. One of
them was through the FSU Qualtrics system, which had 75
respondents from the three days it was active. Handwritten surveys
were also used to conduct research on the topic, but it only
received 7 responses in the end.
○ Summary of research instrument development process
● The research instrument was to see what the public knew and
thought about data breaches and what the targeted companies did
to help them in the aftermath if they were hacked. In addition the
group sought information on what they think about their
information is being targeted and if it is affecting their consumer
confidence. Lastly, we asked how it is affecting consumer
confidence in making future transactions at businesses that were
targeted such as Target, Michaels, and Home Depot.
○ Research population, sample, and sampling technique(s)
● The research population composed of family member and friends,
using Facebook and was shared by three Facebook friends. For the
sample techniques, the group used non-random purposive sampling
and volunteer sampling to conduct our research on the topic of data
breaches.
● Recruitment strategy and process
○ The recruitment process that the group used was to post the
online survey through Facebook, since they are consumers.
Originally the group was going to go to the stores to do the
sampling there. However, only 7 responses were received
from written surveys. Recruitment through Facebook
allowed the group to get more responses since they were
more likely to take it than asking shoppers to take the
survey.
● Analysis (Findings/Results)
○ RQ1: What are data breaches and are consumers aware of them?
■ A total of 80 survey respondents answered this question in their own
words. All but one response actually described in essence what a data
breach is. The other 79 responses all had the recurring theme of
information or data being compromised and accessed by someone who
should not have access.
○ RQ2: Are consumers aware of the consequences of data breaches (e.g.,
identity theft)?
■ A total of 73 respondents answered a survey question that asked if they
were aware of the consequences of data breaches. The respondents were
able to select the consequences that they were aware of and to provide any
other consequences that they were aware of that were not listed. 67 were
aware of identity theft. 48 were aware of new accounts opened because of
data breaches. 45 were aware of credit score impacts. 7 were aware of
other consequences such as: Using credit cards that were hacked; Use of
information to make individual purchases; Opening student loans;
Unauthorized charges and Consumer cost increases
○ RQ3: What are companies doing to protect consumers in the event of a data
breach?
■ We asked survey respondents if their information had ever been hacked.
We received 73 responses. Only 16% of the respondents had their
information hacked. The companies identified by the hacked respondents
were Target - 75%, Home Depot - 33%, Michaels - 17% and Costco - 8%.
We also asked the respondents what was done, if anything, by the
company to help. A total of 27 respondents answered in their own words,
however, 8 were “N/A” (non-applicable). Therefore, only 19 responses
contained usable data to answer the question asked.
Figure 1. Description of Data Breaches by Survey Respondents
Figure 2. Has Your Information Been Hacked?
Figure 3. Awareness of Recent Data Breaches
Figure 4. What did the Company do to help?
Figure 5. Awareness of the Consequences of Data Breaches
Figure 6. Confidence in Hacked Company
● Discussions/Implications
○ Briefly state the findings again and provide your interpretation and
meaning of findings.
○ You can validate your findings by comparing/contrasting with previous
studies.
○ Provide significance of the findings.
Abstract
Data breaches are becoming more and more common in today’s time. The purpose of our
research paper is to find out what the general public knows about data breaches and to also find
out if they have been affected by recent data breaches through companies. Through this study we
want to find out these topics above and also what companies are doing to help people that have
had their data hacked. Using this data we can then analyze and draw a conclusion of whether
companies are doing enough to prevent and protect consumer’s private information. With the
recent data breaches, we would also like to find out whether consumer confidence with shopping
with a store that has been breached has gone up, down or stayed the same.
Problem statement
Data breaches are becoming more and more common today as technology emerges
around the world. Hundreds of millions of records have been stolen last year through hacks and
data breaches as a result of poor and flawed security (Whittaker, 2014). Major companies such as
Target, Michaels, Home Depot and Costco are among the list of companies that have been
involved with major data breaches. With that being said, it's important not only that consumers
are aware of these breaches but its also important that companies are making the necessary steps
to prevent them from happening.
Significance of Study
The significance of our study was to find the impact data breaches has had on our society
and to see what has happened to the consumer confidence over this period of time. We also
wanted to find out what companies are doing to help fix this problem. This information could be
useful to anyone today. Over 40 million credit and debit cards were hacked during Target’s data
breach (Wallace, 2014). That number alone is more than enough to start trying to solve the data
breach problem that is facing the country today.
Research Questions
This paper explores what data breaches are, the awareness of consumers concerning data
breaches, major consequences of these data breaches and what is being done by companies to
prevent them. This purpose will be achieved by pursuit of the following research questions:
RQ1: What are data breaches and are consumers aware of them?
RQ2: Are consumers aware of the consequences of data breaches?
RQ3: What are companies doing to protect consumers in the event of a data breach?
Literature Review
What are consumer information data breaches?
In Shaw’s (2010) article, it is noted that between 2005 and 2010 over 350 million records
have been comprised. These records contained sensitive and personal information. It is quite
clear that there is a serious problem with data breaches in this country. Target a major retail
corporation, experienced a data breach of customer credit card information that has affected tens
of millions of Americans (Newman, 2013). When Michaels was hit by their large data breach,
they did not come out with the news in public until days after they discovered that they had been
hacked. The NSA, Home Depot and Sony are also among the companies/organizations that have
experienced major data breaches.
Causes and consequences for data breaches.
In the Gordon and Loeb (2002) article, the point is made that it is not always an outside
breach that is the culprit for data theft. Both the WikiLeaks and NSA leaks were inside jobs. It
was not someone hacking in from the outside that stole the information. Another point made is
that the cost of information security to protect data is costly. This can be a deterrent for
companies to invest more money in information security than they feel an actual data breach will
cost (Gordon & Loeb, 2002).
One of the major consequences of data breaches is identity theft. In 2005, over 19.6
billion dollars of corporate and consumer losses came from identity theft that was the direct
result of corporate data breaches. Other consequences can be lack of consumer confidence and a
reduction in sales (Romanosky, Telang & Acquisti, 2011). Litigation is also one of lesser
known consequences of data breaches (Romanosky, Hoffman & Acquisti, 2014).
What is being done to prevent data breaches?
Many states have adopted disclosure laws that insure consumers are notified when
sensitive data has been compromised. These laws are expected to increase consumer precaution
and increase the precautions used by commercial entities to avoid data breaches (Romanosky et
al., 2011).
There are, however, times when breach notification can cause more harm than good after a data
leak. Some believe that companies should instead be held responsible for creating a response
plan and have proposed an outline for this approach (Schwartz & Janger, 2007).
Methods
○ Data collection method(s)
● The group collected surveys though two different ways. One of
them was through the FSU Qualtrics system, which had 75
respondents from the three days it was active. Handwritten surveys
were also used to conduct research on the topic, but it only
received 7 responses in the end.
○ Summary of research instrument development process
● The research instrument was to see what the public knew and
thought about data breaches and what the targeted companies did
to help them in the aftermath if they were hacked. In addition the
group sought information on what they think about their
information is being targeted and if it is affecting their consumer
confidence. Lastly, we asked how it is affecting consumer
confidence in making future transactions at businesses that were
targeted such as Target, Michaels, and Home Depot.
○ Research population, sample, and sampling technique(s)
● The research population composed of family member and friends,
using Facebook and was shared by three Facebook friends. For the
sample techniques, the group used non-random purposive sampling
and volunteer sampling to conduct our research on the topic of data
breaches.
● Recruitment strategy and process
○ The recruitment process that the group used was to post the
online survey through Facebook, since they are consumers.
Originally the group was going to go to the stores to do the
sampling there. However, only 7 responses were received
from written surveys. Recruitment through Facebook
allowed the group to get more responses since they were
more likely to take it than asking shoppers to take the
survey.
● Analysis (Findings/Results)
○ RQ1: What are data breaches and are consumers aware of them?
■ A total of 80 survey respondents answered this question in their own
words. All but one response actually described in essence what a data
breach is. The other 79 responses all had the recurring theme of
information or data being compromised and accessed by someone who
should not have access.
○ RQ2: Are consumers aware of the consequences of data breaches (e.g.,
identity theft)?
■ A total of 73 respondents answered a survey question that asked if they
were aware of the consequences of data breaches. The respondents were
able to select the consequences that they were aware of and to provide any
other consequences that they were aware of that were not listed. 67 were
aware of identity theft. 48 were aware of new accounts opened because of
data breaches. 45 were aware of credit score impacts. 7 were aware of
other consequences such as: Using credit cards that were hacked; Use of
information to make individual purchases; Opening student loans;
Unauthorized charges and Consumer cost increases
○ RQ3: What are companies doing to protect consumers in the event of a data
breach?
■ We asked survey respondents if their information had ever been hacked.
We received 73 responses. Only 16% of the respondents had their
information hacked. The companies identified by the hacked respondents
were Target - 75%, Home Depot - 33%, Michaels - 17% and Costco - 8%.
We also asked the respondents what was done, if anything, by the
company to help. A total of 27 respondents answered in their own words,
however, 8 were “N/A” (non-applicable). Therefore, only 19 responses
contained usable data to answer the question asked.
Figure 1. Description of Data Breaches by Survey Respondents
Figure 2. Has Your Information Been Hacked?
Figure 3. Awareness of Recent Data Breaches
Figure 4. What did the Company do to help?
Figure 5. Awareness of the Consequences of Data Breaches
Figure 6. Confidence in Hacked Company
Discussions/Implications
At the start of the semester, the group expected that approximately 35 to 40 percent of
people would have been victims of a data breach. Our study found that only 16 percent were.
While data breaches are by no means a small problem, fewer people than expected were affected.
The data also shows that consumers know what data breaches are and are aware of them.
Additionally, consumers are aware of negative consequences that can follow a data breach. The
most common responses of how consumers could be affected were: identity theft, accounts
opened in their name, and credit score impact.
The study also examined what companies are doing to protect consumers in the event of a
data breach. The first step that was taken was notifying the customers that their personal
information had been stolen. After notification, companies would take step to reduce the
likelihood of fraud. Common steps taken to do this were replacing company credit cards and
offering free credit monitoring for one year.
Limitations/Future Study
The survey received a total of 82 responses. Although this is more than enough
responses to get a clear picture of if consumers know what data breaches are, only 15 of the
responses actually had their data exposed in a breach. This was not a large enough sample for an
accurate picture of what companies are doing to help those left exposed. For a future study, a
larger sample size of the population would be used to get more responses from exposed
consumers. An interview could then be used to get a more in depth look about what companies
did to help the consumer. Interviews with the victims of data breaches would also provide
enough detail to be able to accurately compare responses between companies. This would allow
the group to infer which company handled the breach best, and which company is doing the most
to help its consumers.
Conclusion
In conclusion, we had a lot of people respond to our survey even though only 15 had been
hacked through a company. Out of the people hacked, Target, Home depot and Michaels were
the most common answers received. Another company listed was Costco in our survey that
people got hacked through. Overall, companies are doing more for their customers to help keep
their information secure. The individuals in our survey said that the companies offered them free
credit monitoring as well as replacing their card for free. The significance of our research is to
find out how people have been affected by data breaches and if companies are doing anything to
help the people affected by it. Also we wanted to find out how much people knew about recent
data breaches and how much they knew about them in general.
Reflection
Doing this research has taught us many different thing from learning about data breaches
to finding out what other people knew and went through. We found it interesting that the
majority of people had not had their data breached through any company. Most of the people
surveyed knew what data breaches were which was a surprising find for us. Along with that
people also knew what the consequences were for having their data breached. In our survey we
gave respondents a few options for which they knew the consequences and the majority knew all
of the options and even gave a few of their own.
Some of the challenges we faced were finding people to take our survey, finding a time
when all of us could go out and give people surveys, and the amount of time we had to conduct
our research. We used a few methods to get our survey out to other people as well as telling
people in person. When we tried to get together to distribute paper surveys to people around
town, we had a very hard time trying to find a time when all of us could do it. Eventually we did
it on our own and brought back the results to the group. One of the last challenges we faced was
the time restraint for our survey. Although we for over 80 respondents, the amount of time and
resources we had was a limiting factor in our responses. If we would have had more time we
could have sent it out to more people and possibly had more people that had been hacked.
References
Shaw, A. (2010). Data Breach: from notification to prevention using PCI DSS. Columbia
Journal of Law and Social Problems, 517-562. Retrieved from
http://heinonline.org/HOL/Page?handle=hein.journals/collsp43&div=24&g_sent=1&coll
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104. Retrieved from
http://onlinelibrary.wiley.com/doi/10.1111/jels.12035/full
Romanosky, S., Telang, R. & Acquisti, A. (2011). Do data breach disclosure laws reduce
identity theft? Journal of Policy Analysis and Management, 30(2), 256-286. Retrieved
from http://onlinelibrary.wiley.com/doi/10.1002/pam.20567/full
Schwartz, P., & Janger, E. (2007). Notification of data security breaches. Michigan Law
Review, 105, 913-913. Retrieved from
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=908709
Gordon, L. A., & Loeb, M. P. (2002). The economics of information security
investment. ACM Transactions on Information and System Security (TISSEC),5(4),
438-457.
Newman, J. (2013). The Target credit card breach: What you should know. Time. Retrieved
from http://techland.time.com/2013/12/19/the-target-credit-card-breach-what-you should
know/
Riley, M., Elgin, B., Lawrence, D. & Matlack, C. (2014). Missed alarms and 40
million stolen credit card numbers: How Target blew it. Bloomberg Businessweek Technology.
Retrieved from http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-
hack-of-credit-card-data
Wallace, G. (2014). Target and Neiman Marcus hacks: The latest. CNN Money.
Retrieved from http://money.cnn.com/2014/01/13/news/target-neiman-marcus-hack/
Whittaker, Z. (2014). 2014 in security: The biggest hacks, leaks, and data breaches | ZDNet.
Retrieved from http://www.zdnet.com/pictures/2014-in-security-the-biggest-hacks-leaks-and-
data-breaches/