After the September 2017 announcement of Equifax’s massive data breach — which ultimately exposed the personal information of 147.9 million people — Americans frantically searched for ways to protect themselves. Many found contacting the credit bureaus and freezing their credit to be a difficult task, and now, one year later, few are feeling good about the security of their financial information.
Roughly 7 in 10 (71%) Americans say they’ve become increasingly worried about the security of their financial information online over the past year, and more than 3 in 5 (61%) don’t feel prepared to take action if their personal financial information is involved in a data breach online, according to a nationally representative survey, commissioned by NerdWallet and conducted online by The Harris Poll among 2,035 U.S. adults in August 2018.
- Concern about online financial security is growing. Four in five (80%) Americans say they’ve always been concerned with how safe their personal financial information is online, and 71% say they’ve become increasingly worried about it over the past year, according to the survey.
- Few responded to a recent breach by freezing their credit. Just 1 in 10 (10%) Americans say they’ve placed a freeze on their credit after a credit reporting agency had a major breach of personal financial information last year.
- Freezing their credit seems cumbersome. Nearly half (47%) of Americans don’t know how to freeze their credit and 34% wouldn’t go through the trouble to do so even if there was a major breach involving their personal financial information.
- Americans feel unprepared. More than three-fifths (61%) don’t feel prepared to handle a situation in which their personal financial information is involved in a data breach online.
- Confidence in banks, credit bureaus and the federal government to protect financial information is lukewarm. About half (51%) of Americans say U.S. banks are doing enough to ensure the security of consumer finance information, 47% say major credit bureaus are doing enough and 38% say the U.S. government is doing enough, according to the survey.
“Anxiety over financial privacy is a justified reaction to data breaches that make the news, but you don’t have to wait until you experience a breach personally to take steps to protect yourself,” says Kimberly Palmer, personal finance expert at NerdWallet. “There’s a range of steps all consumers can take, from being more watchful to freezing their credit, to stay safe.”
» MORE: How to freeze your credit
Credit freezes: The best advice, largely ignored
Freeze your credit. It’s some of the best advice in the wake of a financial data breach because it restricts access to your credit report and prevents new accounts from being opened in your name. And though 53% of Americans say they know the steps needed to place a freeze on their credit and 48% know doing so won’t lower their credit score, relatively few did it following a major data breach last year — just 10%, according to the survey.
Their decision to not freeze their credit could be a matter of convenience, as 34% say they wouldn’t “go through the trouble” of freezing their credit even if there was a data breach involving their personal financial information. Or the reason could be the cost: 75% said they would be likely to freeze their credit in a breach that may involve their information if doing so were free. But 12% say they paid for credit monitoring or identity theft protection services over the past year.
“Starting Sept. 21, all three major credit bureaus will offer free credit freezes, something Equifax has offered since the backlash surrounding its breach, thanks to a new federal law,” says Palmer. “Freezing your credit is just one powerful way to protect yourself from fraudulent activity.”
Confidence is low across the board
More than 3 in 5 (61%) Americans say they don’t feel prepared to handle being involved in an online personal finance data breach, according to the survey, even though approximately 45% of all Americans may have been involved in the 2017 Equifax breach, according to NerdWallet analysis. And they’re not feeling much better about the ability of others to keep their data safe:
- 47% agree with the statement, “Major credit bureaus are doing enough to ensure the consumer finance information they hold adheres to strict security standards to prevent large-scale breaches.”
- 51% agree with the statement, “U.S. banks are doing enough to ensure the consumer finance information they hold adheres to strict security standards to prevent large-scale breaches.”
- 38% agree with the statement, “The U.S. government is doing enough to ensure companies are keeping consumers’ finance information secure.”
Preparing for another breach
If consumers are hit with another large-scale security event, many may be ill-prepared. When asked how they would immediately react to having their personal finance information compromised online, a full 16% would wait to receive instructions from their bank — instructions that likely wouldn’t come.
“Protecting your credit is largely up to you, but the good news is that there are a lot of tools available,” Palmer says.
Consumers can take the following steps to protect themselves:
- Freeze your credit. Beginning Sept. 21, freezing and unfreezing your credit will be free through all three major credit bureaus.
- Set a fraud alert. Yearlong fraud alerts will also be free beginning Sept. 21.
- Check your credit report for errors and problems at least once annually. Credit freezes and fraud alerts only prevent new fraudulent accounts, so keep an eye on existing accounts.
- Review your monthly bank and credit card statements for fraudulent charges.
This survey was conducted online within the United States by The Harris Poll on behalf of NerdWallet from Aug. 21-23, 2018, among 2,035 U.S. adults ages 18 and older. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables and subgroup sample sizes, please contact Thomas McLean at email@example.com.