"I've Got Nothing to Lose": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach


Yixin Zou, Abraham H. Mhaidli, Austin McCall, and Florian Schaub, School of Information, University of Michigan
Awarded Distinguished Paper!


Equifax, one of the three major U.S. credit bureaus, experienced a large-scale data breach in 2017. We investigated consumers' mental models of credit bureaus, how they perceive risks from this data breach, whether they took protective measures, and their reasons for inaction through 24 semi-structured interviews. We find that participants' mental models of credit bureaus are incomplete and partially inaccurate. Although many participants were aware of and concerned about the Equifax breach, few knew whether they were affected, and even fewer took protective measures after the breach. We find that this behavior is not primarily influenced by accuracy of mental models or risk awareness, but rather by costs associated with protective measures, optimism bias in estimating one's likelihood of victimization, sources of advice, and a general tendency towards delaying action until harm has occurred. We discuss legal, technical and educational implications and directions towards better protecting consumers in the credit reporting system.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {219392,
author = {Yixin Zou and Abraham H. Mhaidli and Austin McCall and Florian Schaub},
title = {"I{\textquoteright}ve Got Nothing to Lose": Consumers{\textquoteright} Risk Perceptions and Protective Actions after the Equifax Data Breach},
booktitle = {Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)},
year = {2018},
isbn = {978-1-939133-10-6},
address = {Baltimore, MD},
pages = {197--216},
url = {https://www.usenix.org/conference/soups2018/presentation/zou},
publisher = {USENIX Association},
month = aug