NBC 6 Responds

What Is Breach Fatigue and Does It Contribute to Rise in Data Compromises

The Annual Data Breach Report released Monday by the Identity Theft Resource Center shows the overall number of data compromises is up more than 68% compared to 2020

NBC Universal, Inc.

A newly released report shows data compromises were at an all-time high during 2021. The Annual Data Breach Report released Monday by the Identity Theft Resource Center shows the overall number of data compromises is up more than 68% compared to 2020.

The number of data events that involved sensitive information increased slightly also, according to the report. But, as the number of data compromises increases, experts say these events are not being met with the same quick actions by consumers.

Consumers often find out about a data breach through an email, letter or by reading a news headline.

Cyber security expert Eva Velasquez is the President and CEO of the Identity Theft Resource Center. She said many consumers are suffering from what she calls “Breach Fatigue.”

“Because they have become so ubiquitous now we don’t have that same level of concern,” Velasquez said.

The report shows the personal information of more than 290 million people was exposed during 2021. According to the report, of the people who knew their information was compromised, only 48% took the time to change their passwords and 16 percent took no action at all.

“We as a people are not considering how valuable these credentials and personal identifiable information is, but the thieves know exactly how valuable that is to perpetrate their schemes,” Velasquez said.

Another issue, she says, is that data breach notification laws vary by state.

“There are processes to notify people that don’t require an individual letter or an email. The company that breaches only has to put it on their website,” Velasquez said.

In Florida, a company or agency must notify the state of a data breach within 30 days if it affects more than 500 people. The victims of a breach must also be notified, but when and how a victim is notified can vary.

State law says if an investigation shows a breach isn’t likely to expose you to financial harm, a notification isn’t required.

Velasquez said small steps like using 12 character unique passwords, using different passwords for each online account and using multi-step authentication can help keep your information safe.

“If an organization that you do business with suffers a breach, go ahead and take those action steps that are recommended. Sometimes, it’s as simple as changing your username and password,” Velasquez said.

Contact Us