BACK

Research and Statistics

Poll: Americans leave their personal info open to thieves

9 in 10 have taken at least one big data security risk in the past year

Summary

A new CreditCards.com poll finds nearly all Americans get careless with their private information in some way. The most common error: reusing the same password online.

The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

You probably know getting lax with your personal information can be worse than leaving your front door open at night. But chances are you are taking big risks with your data anyway.

A new poll by CreditCards.com found that nearly all Americans get careless with their private information in some way. In fact, 92 percent have taken at least one big data security risk in the past year.

The most common error: reusing the same password online, which can increase your odds of becoming a victim of identity theft. The poll found that more than eight in 10 U.S. adults (82 percent) recycle passwords, and most make this poor practice a habit. In fact, most internet users who do this use the same password at least half (61 percent) or all (22 percent) of the time.

Despite this and other sloppy data security behavior, Americans are very worried about ID theft. In fact, almost half (46 percent) say realizing their identity had been stolen would be worse than discovering that burglars broke into their home (27 percent). The rest said both would be equally bad.

But author and privacy expert Rebecca Herold, known as The Privacy Professor, says she’s not at all surprised so many Americans engage in risky behavior around data security, and she’s skeptical about the 8 percent of Americans who say they have taken no data security risks in the past 12 months.

“I’m surprised it wasn’t 100 percent,” she says.

 

The online survey of 1,210 U.S. adults was conducted online between Jan. 11-14, 2019. See survey methodology.

Are you guilty of these data security sins?

Reusing passwords is just one of many ways Americans take a chance of exposing their private data to fraudsters. Here are four more dicey data security behaviors revealed by the survey:

Hopping online at the coffee shop

A “free Wi-Fi” sign outside a cafe or restaurant is a big draw for Americans on the go, so it’s no surprise that almost half (48 percent) of U.S. adults have used a public Wi-Fi network in the past year.

That number shot up even higher amongst younger consumers. In fact, 67 percent of Gen Z adults (ages 18 to 22) used a public network to get online. Using public Wi-Fi isn’t always bad, but it’s smart to take precautions (see tips below).

Saving sensitive info on your device

It may be tempting to click yes when your browser asks if you want to store your credit card number or password, but doing so can put your accounts and cards at risk if your device gets lost, stolen or hacked. However, almost half of Americans (45 percent) have saved their passwords on their computers or phones and more than one in three (35 percent) have saved their payment info on their devices.

Carrying a card that should be at home

One in three Americans (33 percent) have carried their Social Security card on them, a big no-no that could make you very vulnerable to ID theft if your purse or wallet gets lost or stolen. This practice varies by age and is especially common (51 percent) with members of the Silent Generation aged 74 and older.

That’s because carrying Social Security cards was more common in the past, says Eva Velasquez, president and CEO of the Identity Theft Resource Center, which offers education and free support to victims of ID theft.

“Many seniors got accustomed to carrying that as a form of ID because that’s what you used to do,” she says.

See related: What to do if your card is posted online

Tossing mail without shredding

More than one in four Americans (28 percent) have thrown out mail that contained personal information without shredding it first. Failing to properly destroy credit card statements, medical forms and other sensitive documents can put you at risk for identity theft and other kinds of fraud.

There are many opportunities for a criminal to swipe your trashed mail at any point from your curb to its final destination.

“Landfills and dumps are like the Walmart of personal information,” Herold says.

Other risky behaviors Americans engage in include getting cash from iffy ATMs and sharing their birthday on social media. In fact, 27 percent of Americans have used an ATM not located at a financial institution and 20 percent have shared their actual date of birth on Facebook or another social media platform.

“Most of us in the privacy world have the same birth date, and that’s January 1,” Herold says.

Take simple steps to catch fraud early

No matter how careful you are, it’s likely that some of your personal information will get compromised at some point. In 2017, a record 16.7 million U.S. consumers fell victim to ID fraud, according to “2018 Identity Fraud: Fraud Enters a New Era of Complexity,” a report from Javelin Strategy & Research. The report also found that fraudsters are using more sophisticated tactics.

There are easy steps you can take to catch problems quickly and minimize the damage from fraud, but the CreditCards.com poll found many Americans don’t take advantage of these options to protect their accounts, identity and finances.

The poll found that most Americans have checked their credit reports (83 percent) and credit scores (81 percent) in the past. But almost one in five (19 percent) have never checked their credit reports, and almost as many (17 percent) have never checked their scores.

Consumers who do monitor their credit might not be checking it often enough to catch fraud quickly. In fact, six in 10 (59 percent) Americans have failed to look at their credit report in the past six months or aren’t sure when they last checked. Only 24 percent of U.S. adults have ever used a credit freeze to stop fraudsters from opening accounts in their name.

In addition to reviewing your credit reports, Herold recommends you also log in to your health insurance and health care provider sites to check your medical records regularly. Medical identity theft, in which a criminal pretends to be you to get medical care or prescription drugs, is a growing problem.

“And medical ID theft is not something that’s caught on credit reports,” she says.

See related: Marriott data breach exposes 500 million guests’ information

Tips for locking down your data

Are you ready to tighten up your data security practices? Here are five easy ways to protect yourself from fraud:

1. Thwart hackers in public.

Using public Wi-Fi might be fine for reading articles or checking the weather, but it’s not a safe way to log in to your bank account, share a secret with your best friend or type in any other sensitive information. If you use public Wi-Fi on a regular basis, consider getting a virtual private network (VPN), Velasquez recommends.

A VPN provides a private “tunnel” into the internet so no one else can see your passwords or anything you do online. VPNs are not hard to set up or use, Velasquez says.

2. Use a password classification scheme.

Put the websites for which you use passwords into three groups: low, medium and high security, suggests Jason McNew, founder & CEO of Stronghold Cybersecurity, which provides cybersecurity services for businesses.

A low security site might be one where you sign up for a giveaway, while a medium security site might be a utility provider like your electric company, McNew says. Treat your bank, credit card companies, 401(k), life insurance sites and similar sites as high security, he says. For these sites, use strong passwords, never reuse them for other sites and don’t save them on your browser.

“It’s very different if somebody steals your password for free pizza versus the password to your life insurance,” he says.

3. Carry only essentials in your wallet.

Pare down what you carry in your wallet to limit the information that gets exposed if it gets lost or stolen, Velasquez says. Don’t carry your debit card plus every credit card you own.

And unless you’re going on a specific errand for which you need your Social Security card, such as renewing your driver’s license or getting a passport, leave that card in a safe place.

4. Shred sensitive documents carefully.

It’s not enough to simply shred mail that contains your credit card number, date of birth, Social Security number and other personal information, Herold says. Use a shredder that will cross-cut your documents rather than simply cutting them into wide strips.

“Those wide strips just don’t do it because people will take the time to tape them together,” she says.

5. Stay on top of your credit.

Experts recommend you check your credit several times throughout the year at AnnualCreditReport.com. This site offers you one free report per year from each of the major credit bureaus, Equifax, Experian and TransUnion. You can also check your credit report and score at no cost at Bankrate.

Check one bureau every four months to keep tabs on your credit throughout the year so you can catch ID theft early. Many credit card issuers offer free credit scores to customers, or anyone can check their FICO score for free through Discover Scorecard. And if you become a victim of a data breach or want extra security, consider freezing your credit.

Also, take other basic steps such as using two-factor authentication on your accounts, keeping your devices locked down with strong passcodes and signing up for alerts from your bank and credit card companies, experts say.

These steps are important because identity theft really can be worse than a home break-in, and it can follow you for years, Velasquez says. You may find out someone opened a credit card in your name, then two months later get a bill from a medical provider for care someone got while posing as you, then a year later try to file your taxes and find a thief beat you to your refund, Velasquez says.

“The list goes on and on,” she says. “But you can reduce your risk.”

Survey methodology

This survey was conducted on behalf of CreditCards.com by YouGov Plc. The total sample size was 1,210 U.S. adults. The survey was conducted online between Jan. 11-14, 2019. The figures have been weighted and are representative of all U.S. adults aged 18 and older.

What’s up next?

In Research and Statistics

Data breaches dropped in 2018, but more personal information was exposed

The number of data breaches dropped 24 percent in 2018, but the number of sensitive records involved in those breaches more than doubled, for a whopping 126 percent increase.

Published: February 6, 2019

See more stories
Credit Card Rate Report Updated: August 14th, 2019
Business
15.55%
Airline
17.50%
Cash Back
17.63%
Reward
17.50%
Student
17.69%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.