Here's an unsettling but unsurprising statistic from a recent Wall Street Journal/NBC News poll: almost half of all Americans say that in the past year, they or someone in their immediate household received at least one message from a retailer or card issuer, warning them that their credit or debit card details had recently been stolen in a data breach.
That statistic does not include Americans who learned about a breach only after noticing fraudulent charges on their own payment statements, or because they read about the breach in the news.
How many of those retail security breach headlines have you seen in the past year? Probably too many to remember them all, and too many to even care about them all — at some point, they all started blending together into the background noise -- sort of like those "Falling Rock" signs you see in the mountains. Eventually, they fade into the background.
It's a phenomenon called “breach fatigue,” wherein consumers stop paying attention to news of retail hackings and other cyber-security breaches because they happen so often. Human nature makes some form of breach fatigue unavoidable – no matter how shocking any given story might be the first time you hear it, after the dozenth or hundredth or thousandth reptition it barely merits a yawn.
"I feel nothing"
Even journalists whose jobs require them to cover data breaches get fatigued. Back in September, when the possibility of a Home Depot hacking first hit the news, NPR's All Things Considered aired an episode called “I Feel Nothing: The Home Depot hack and data breach fatigue.” Here at ConsumerAffairs, we referred to Home Depot as merely “the latest addition to the list of companies that suffered a security breach,” before noting that the then-new Home Depot hacking appeared connected to earlier hackings at companies including P.F. Chang's, Sally Beauty Supply, and Target.
And whenever we publish the latest security breach warning du jour, we almost always get reader comments such as (actual comment from our first Home Depot breach story): “This is nothing new.” We've got breach fatigue, you've got breach fatigue – the only people who aren't sick and tired of all these constant hackings are the hackers themselves.
But such an attitude only benefits the hackers. It's one thing to deal with breach fatigue by deciding “To heck with these hackable credit cards, I'll just use cash,” but another matter entirely to deal with it by deciding “I'll continue using credit cards, but I can't be bothered to check whether they've been breached or not.”
Various forms of “can't be bothered” fatigue is exactly what certain types of scammers count on to make their dishonest profits. In 2012, for example, the Federal Trade Commission filed a lawsuit against a prolific scammer who made hundreds of millions of dollars by putting fraudulent charges on people's credit cards – charges in small, random-sounding amounts, like $7.22 or $3.34. So many people overlooked and paid those fake charges every month that the scammer made over $460 million before the FTC eventually shut him down.
Last autumn, some voyeurs started a website dedicated to streaming live footage from people's Internet-connected baby monitors and other home security devices – easy for them to do because so many people who installed baby monitors and other forms of spy equipment in their homes couldn't be bothered to change the default passwords on those monitors or cameras, thus making it ridiculously easy for anyone who knows the default password to spy on strangers in their own homes.
Breach forecasts
The data broker Experian, which in 2013 suffered an infamous data breach that exposed up to five out of six Americans' personal information to an identity thief who operated out of Vietnam, has since started producing and releasing annual “forecasts” about data breaches in the financial industry.
Experian's 2015 Data Breach Industry Forecast predicts, among other things, that data-breach fatigue is only likely to grow among consumers, who as a result will take even less action to protect themselves. (And it's easy to see what a vicious cycle that ends up being: hackings are so commonplace that consumers get tired of protecting themselves, which makes it even easier for hackers to make their dishonest money, which means hackings become more commonplace, which makes consumers even more tired of protecting themselves....)
Yes, you're tired of all those reminders to inspect your credit card statements and look for fraudulent charges and change your account numbers and passwords every time a hacker might've seen the old ones. But hackers and scammers want you to feel this way. Their intention is to spy on or steal from you, and if you give in to breach fatigue, you'll only make it easier for them to succeed.