{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T17:05:36Z","timestamp":1778000736658,"version":"3.51.4"},"reference-count":143,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2023,9,23]],"date-time":"2023-09-23T00:00:00Z","timestamp":1695427200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NortonLifeLock Graduate Fellowship and the Helmholtz Association (HGF) through the subtopic Engineering Secure Systems"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Comput.-Hum. Interact."],"published-print":{"date-parts":[[2023,10,31]]},"abstract":"<jats:p>Data breaches are prevalent. We provide novel insights into individuals\u2019 awareness, perception, and responses to breaches that affect them through two online surveys: a main survey (<jats:italic>n<\/jats:italic>= 413) in which we presented participants with up to three breaches that affected them, and a follow-up survey (<jats:italic>n<\/jats:italic>= 108) in which we investigated whether the main study participants followed through with their intentions to act. Overall, 73% of participants were affected by at least one breach, but participants were unaware of 74% of breaches affecting them. Although some reported intention to take action, most participants believed the breach would not impact them. We also found a sizable intention-behavior gap. Participants did not follow through with their intention when they were apathetic about breaches, considered potential costs, forgot, or felt resigned about taking action. Our findings suggest that breached organizations should be held accountable for more proactively informing and protecting affected consumers.<\/jats:p>","DOI":"10.1145\/3589958","type":"journal-article","created":{"date-parts":[[2023,4,17]],"date-time":"2023-04-17T12:20:50Z","timestamp":1681734050000},"page":"1-53","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Awareness, Intention, (In)Action: Individuals\u2019 Reactions to Data Breaches"],"prefix":"10.1145","volume":"30","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6267-4874","authenticated-orcid":false,"given":"Peter","family":"Mayer","sequence":"first","affiliation":[{"name":"University of Southern Denmark and Karlsruhe Institute of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9088-705X","authenticated-orcid":false,"given":"Yixin","family":"Zou","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Security and Privacy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-5518-5332","authenticated-orcid":false,"given":"Byron M.","family":"Lowens","sequence":"additional","affiliation":[{"name":"University of Michigan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9813-4545","authenticated-orcid":false,"given":"Hunter A.","family":"Dyer","sequence":"additional","affiliation":[{"name":"The George Washington University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0438-8360","authenticated-orcid":false,"given":"Khue","family":"Le","sequence":"additional","affiliation":[{"name":"University of Michigan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1039-7155","authenticated-orcid":false,"given":"Florian","family":"Schaub","sequence":"additional","affiliation":[{"name":"University of Michigan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3792-2485","authenticated-orcid":false,"given":"Adam J.","family":"Aviv","sequence":"additional","affiliation":[{"name":"The George Washington University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,9,23]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.5555\/3033052"},{"key":"e_1_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/3054926"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyy006"},{"key":"e_1_3_3_5_2","first-page":"257","volume-title":"Proceedings of the USENIX Security Symposium","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Proceedings of the USENIX Security Symposium. 257\u2013272. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity13\/sec13-paper_akhawe.pdf."},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/infoman.2016.7477530"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2015.05.005"},{"key":"e_1_3_3_8_2","unstructured":"J. Craig Anderson. 2013. Identity Theft Growing Costly to Victims. Retrieved April 24 2023 from https:\/\/www.usatoday.com\/story\/money\/personalfinance\/2013\/04\/14\/identity-theft-growing\/2082179\/."},{"key":"e_1_3_3_9_2","first-page":"19","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Angulo Julio","year":"2015","unstructured":"Julio Angulo and Martin Ortlieb. 2015. \u201cWTH..!?!\u201d Experiences, reactions, and expectations related to online privacy panic situations. In Proceedings of the Symposium on Usable Privacy and Security. 19\u201338. https:\/\/www.usenix.org\/system\/files\/conference\/soups2015\/soups15-paper-angulo.pdf."},{"key":"e_1_3_3_10_2","first-page":"Article 43, 10","volume-title":"Proceedings of the 23rd Americas Conference on Information Systems","author":"Bachura Eric","year":"2017","unstructured":"Eric Bachura, Rohit Valecha, Rui Chen, and Raghav H. Rao. 2017. Modeling public response to data breaches. In Proceedings of the 23rd Americas Conference on Information Systems. Article 43, 10 pages. https:\/\/core.ac.uk\/download\/pdf\/301372705.pdf."},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.tele.2017.04.013"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.5325\/jinfopoli.6.2016.0154"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.198"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517613"},{"key":"e_1_3_3_15_2","unstructured":"Scott Brown. 2018. Did You Forget to Reply to an Email? The New Gmail Will Remind You. Retrieved October 18 2021 from https:\/\/www.androidauthority.com\/gmail-nudges-feature-865435\/."},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.21315\/mjms2018.25.4.12"},{"key":"e_1_3_3_17_2","doi-asserted-by":"publisher","DOI":"10.1080\/02642069.2019.1603296"},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517475"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2015.1138375"},{"key":"e_1_3_3_20_2","unstructured":"CNBC. 2013. Target Gives 10% Discount to Shoppers After Data Breach. Retrieved April 24 2023 from https:\/\/www.cnbc.com\/amp\/2013\/12\/20\/target-gives-10-discount-to-shoppers-after-data-breach.html."},{"key":"e_1_3_3_21_2","doi-asserted-by":"publisher","DOI":"10.2308\/isys-50704"},{"key":"e_1_3_3_22_2","first-page":"97","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Das Sauvik","year":"2019","unstructured":"Sauvik Das, Laura A. Dabbish, and Jason I. Hong. 2019. A typology of perceived triggers for end-user security and privacy behaviors. In Proceedings of the Symposium on Usable Privacy and Security. 97\u2013115. https:\/\/www.usenix.org\/system\/files\/soups2019-das.pdf."},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2021.3093135"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1561\/3300000026"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173575"},{"issue":"4","key":"e_1_3_3_26_2","first-page":"301","article-title":"Data breach litigation and regulatory enforcement: A survey of our present and how to prepare for the future","volume":"1","author":"Dayanim Behnam","year":"2018","unstructured":"Behnam Dayanim and Edward George. 2018. Data breach litigation and regulatory enforcement: A survey of our present and how to prepare for the future. Cyber Security 1, 4 (2018), 301\u2013315. https:\/\/www.ingentaconnect.com\/content\/hsp\/jcs\/2018\/00000001\/00000004\/art00003.","journal-title":"Cyber Security"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131391"},{"key":"e_1_3_3_28_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium.","author":"Degeling Martin","year":"2018","unstructured":"Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. 2018. We value your privacy . . . now take some cookies: Measuring the GDPR\u2019s impact on web privacy. In Proceedings of the Network and Distributed System Security Symposium."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1111\/jcc4.12163"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1002\/ejsp.2049"},{"key":"e_1_3_3_31_2","volume-title":"From Exposure to Takeover: The 15 Billion Stolen Credentials Allowing Account Takeover","author":"Team Digital Shadows Photon Research","year":"2019","unstructured":"Digital Shadows Photon Research Team. 2019. From Exposure to Takeover: The 15 Billion Stolen Credentials Allowing Account Takeover. Technical Report. Digital Shadows. https:\/\/resources.digitalshadows.com\/whitepapers-and-reports\/from-exposure-to-takeover."},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_24"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1177\/1461444819833331"},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_3_3_35_2","unstructured":"European Parliament. 2016. Regulation (EU) 2016\/679 of the European Parliament and of the Council. Retrieved April 24 2023 from https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679."},{"key":"e_1_3_3_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557292"},{"key":"e_1_3_3_38_2","first-page":"97","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Forget Alain","year":"2016","unstructured":"Alain Forget, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, Marian Harbach, and Rahul Telang. 2016. Do or do not, there is no try: User engagement may not improve security outcomes. In Proceedings of the Symposium on Usable Privacy and Security. 97\u2013111. https:\/\/www.usenix.org\/system\/files\/conference\/soups2016\/soups2016-paper-forget.pdf."},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300834"},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.1108\/09685220310468646"},{"key":"e_1_3_3_41_2","volume-title":"Data Breaches & Customer Loyalty 2017","year":"2018","unstructured":"Gemalto. 2018. Data Breaches & Customer Loyalty 2017. Technical Report. Thales. https:\/\/www6.thalesgroup.com\/2017-data-breaches-customer-loyalty-report."},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1037\/0003-066X.54.7.493"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0065-2601(06)38002-1"},{"key":"e_1_3_3_44_2","unstructured":"Google. 2014. Cleaning Up After Password Dumps. Retrieved April 24 2023 from https:\/\/security.googleblog.com\/2014\/09\/cleaning-up-after-password-dumps.html."},{"issue":"2","key":"e_1_3_3_45_2","doi-asserted-by":"crossref","first-page":"121","DOI":"10.69554\/DISO6037","article-title":"Did the target data breach change consumer assessments of payment card security?","volume":"11","author":"Greene Claire","year":"2017","unstructured":"Claire Greene and Joanna Stavins. 2017. Did the target data breach change consumer assessments of payment card security? Journal of Payments Strategy & Systems 11, 2 (2017), 121\u2013133. https:\/\/www.ingentaconnect.com\/content\/hsp\/jpss\/2017\/00000011\/00000002\/art00004.","journal-title":"Journal of Payments Strategy & Systems"},{"key":"e_1_3_3_46_2","doi-asserted-by":"publisher","DOI":"10.1037\/bul0000025"},{"key":"e_1_3_3_47_2","first-page":"1","volume-title":"Proceedings of the Graphics Interface Conference","author":"Hassanzadeh Zahra","year":"2020","unstructured":"Zahra Hassanzadeh, Sky Marsen, and Robert Biddle. 2020. We\u2019re here to help: Company image repair and user perception of data breaches. In Proceedings of the Graphics Interface Conference. 1\u201310. https:\/\/openreview.net\/pdf?id=790fK3eKe4."},{"key":"e_1_3_3_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"e_1_3_3_49_2","doi-asserted-by":"publisher","DOI":"10.17705\/1cais.03450"},{"key":"e_1_3_3_50_2","unstructured":"Troy Hunt. 2020. Have I Been Pwned: Check If You Have an Account That Has Been Compromised in a Data Breach. Retrieved April 24 2023 from https:\/\/haveibeenpwned.com\/."},{"key":"e_1_3_3_51_2","volume-title":"2021 Consumer Aftermath Report: How Identity Crimes Impact Victims, Their Families, Friends, and Workplaces","author":"Center Identity Theft Resource","year":"2021","unstructured":"Identity Theft Resource Center. 2021. 2021 Consumer Aftermath Report: How Identity Crimes Impact Victims, Their Families, Friends, and Workplaces. Technical Report. Identity Theft Resource Center. https:\/\/www.idtheftcenter.org\/event\/2021-consumer-aftermath-report\/."},{"key":"e_1_3_3_52_2","volume-title":"2021 Annual Data Breach Report","author":"Center Identity Theft Resource","year":"2022","unstructured":"Identity Theft Resource Center. 2022. 2021 Annual Data Breach Report. Technical Report. Identity Theft Resource Center. https:\/\/www.idtheftcenter.org\/publication\/2021-annual-data-breach-report-2\/."},{"key":"e_1_3_3_53_2","unstructured":"Identity Theft Resource Center. 2022. Nonsensitive Records Count. Retrieved April 24 2023 from https:\/\/www.idtheftcenter.org\/glossary\/nonsensitive-records-count\/."},{"key":"e_1_3_3_54_2","volume-title":"The Aftermath of a Data Breach: Consumer Sentiment","author":"Institute Ponemon","year":"2014","unstructured":"Ponemon Institute. 2014. The Aftermath of a Data Breach: Consumer Sentiment. Technical Report. Ponemon Institute. https:\/\/www.ponemon.org\/local\/upload\/file\/Consumer%20Study%20on%20Aftermath%20of%20a%20Breach%20FINAL%202.pdf."},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(18)30052-6"},{"key":"e_1_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1080\/10570314.2013.866686"},{"key":"e_1_3_3_57_2","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00660"},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2017.265105441"},{"key":"e_1_3_3_59_2","first-page":"39","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Kang Ruogu","year":"2015","unstructured":"Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. \u201cMy data just goes everywhere\u201d: User mental models of the internet and implications for privacy and security. In Proceedings of the Symposium on Usable Privacy and Security. 39\u201352. https:\/\/www.usenix.org\/system\/files\/conference\/soups2015\/soups15-paper-kang.pdf."},{"key":"e_1_3_3_60_2","first-page":"217","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Karunakaran Sowmya","year":"2018","unstructured":"Sowmya Karunakaran, Kurt Thomas, Elie Bursztein, and Oxana Comanescu. 2018. Data breaches: User comprehension, expectations, and concerns with handling exposed data. In Proceedings of the Symposium on Usable Privacy and Security. 217\u2013234. https:\/\/www.usenix.org\/system\/files\/conference\/soups2018\/soups2018-karunakaran.pdf."},{"key":"e_1_3_3_61_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39345-7_11"},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2013.08.016"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.5817\/CP2016-1-2"},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.1080\/23311975.2017.1354525"},{"key":"e_1_3_3_65_2","unstructured":"Brian Krebs. 2014. Are Credit Monitoring Services Worth It? Retrieved April 24 2023 fromhttps:\/\/krebsonsecurity.com\/2014\/03\/are-credit-monitoring-services-worth-it\/."},{"key":"e_1_3_3_66_2","doi-asserted-by":"publisher","DOI":"10.1108\/IJOPM-03-2015-0156"},{"key":"e_1_3_3_67_2","doi-asserted-by":"crossref","unstructured":"Oksana Kulyk Benjamin Reinheimer Lukas Aldag Nina Gerber Peter Mayer and Melanie Volkamer. 2020. Security and privacy awareness in smart environments\u2014A cross-country investigation. In Financial Cryptography and Data Security . Lecture Notes in Computer Science Vol. 12063. Springer 84\u2013101.","DOI":"10.1007\/978-3-030-54455-3_7"},{"key":"e_1_3_3_68_2","first-page":"1","volume-title":"Proceedings of the Workshop on the Economics of Information Security","author":"Kwon Juhee","year":"2015","unstructured":"Juhee Kwon and M. Eric Johnson. 2015. The market effect of healthcare security: Do patients care about data breaches? In Proceedings of the Workshop on the Economics of Information Security. 1\u201333. https:\/\/econinfosec.org\/archive\/weis2015\/papers\/WEIS_2015_kwon.pdf."},{"key":"e_1_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.1162\/003355397555253"},{"key":"e_1_3_3_70_2","unstructured":"Ravie Lakshmanan. 2019. Chrome and Firefox Will Now Alert You About Data Breaches Involving Your Accounts. Retrieved April 24 2023 from https:\/\/thenextweb.com\/security\/2019\/10\/23\/chrome-and-firefox-will-now-alert-you-about-data-breaches-involving-your-accounts\/."},{"key":"e_1_3_3_71_2","doi-asserted-by":"publisher","DOI":"10.2307\/2529310"},{"key":"e_1_3_3_72_2","first-page":"229","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Lastdrager Elmer","year":"2017","unstructured":"Elmer Lastdrager, In\u00e9s Carvajal Gallardo, Pieter Hartel, and Marianne Junger. 2017. How effective is anti-phishing training for children? In Proceedings of the Symposium on Usable Privacy and Security. 229\u2013239. https:\/\/www.usenix.org\/system\/files\/conference\/soups2017\/soups2017-lastdrager.pdf."},{"key":"e_1_3_3_73_2","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2013.192"},{"key":"e_1_3_3_74_2","unstructured":"Ron Lieber. 2019. How to Protect Yourself After the Equifax Breach. Retrieved April 24 2023 from https:\/\/www.nytimes.com\/interactive\/2017\/your-money\/equifax-data-breach-credit.html."},{"key":"e_1_3_3_75_2","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0004"},{"key":"e_1_3_3_76_2","unstructured":"Peter Mayer Hermann Berket and Melanie Volkamer. 2016. Enabling automatic password change in password managers through crowdsourcing. In Proceedings of the International Conference on Passwords ."},{"key":"e_1_3_3_77_2","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3098986"},{"key":"e_1_3_3_78_2","first-page":"393","volume-title":"Proceedings of the USENIX Security Symposium","author":"Mayer Peter","year":"2021","unstructured":"Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv. 2021. \u201cNow I\u2019m a bit angry:\u201d Individuals\u2019 awareness, perception, and responses to data breaches that affected them. In Proceedings of the USENIX Security Symposium. 393\u2013410. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/mayer."},{"key":"e_1_3_3_79_2","first-page":"375","volume-title":"Proceedings of the USENIX Security Symposium","author":"McDonald Allison","year":"2021","unstructured":"Allison McDonald, Catherine Barwulor, Michelle L. Mazurek, Florian Schaub, and Elissa M. Redmiles. 2021. \u201cIt\u2019s stressful having all these phones\u201d: Investigating sex workers\u2019 safety goals, risks, and practices online. In Proceedings of the USENIX Security Symposium. 375\u2013392. https:\/\/www.usenix.org\/system\/files\/sec21-mcdonald.pdf."},{"key":"e_1_3_3_80_2","doi-asserted-by":"publisher","DOI":"10.1145\/777313.777327"},{"key":"e_1_3_3_81_2","doi-asserted-by":"crossref","unstructured":"Vyacheslav Mikhed and Michael Vogan. 2015. Out of Sight Out of Mind: Consumer Reaction to News on Data Breaches and Identity Theft. Retrieved April 24 2023 from https:\/\/ssrn.com\/abstract=2691902.","DOI":"10.21799\/frbp.wp.2015.42"},{"key":"e_1_3_3_82_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbankfin.2017.12.002"},{"key":"e_1_3_3_83_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-8640.2012.00460.x"},{"key":"e_1_3_3_84_2","unstructured":"Mozilla. 2022. Firefox Monitor. Retrieved April 24 2023 from https:\/\/monitor.firefox.com\/."},{"key":"e_1_3_3_85_2","first-page":"Article 7, 8 pa","volume-title":"Proceedings of the Midwest Association for Information Systems Conference","author":"Muzatko Steven","year":"2018","unstructured":"Steven Muzatko and Gaurav Bansal. 2018. Timing of data breach announcement and e-commerce trust. In Proceedings of the Midwest Association for Information Systems Conference. Article 7, 8 pages. https:\/\/core.ac.uk\/download\/pdf\/301374905.pdf."},{"key":"e_1_3_3_86_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.1745-6606.2006.00070.x"},{"key":"e_1_3_3_87_2","doi-asserted-by":"publisher","DOI":"10.4324\/9781315802725-5"},{"key":"e_1_3_3_88_2","doi-asserted-by":"publisher","DOI":"10.1145\/3463676.3485598"},{"key":"e_1_3_3_89_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbef.2017.12.004"},{"key":"e_1_3_3_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"e_1_3_3_91_2","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329818"},{"key":"e_1_3_3_92_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300748"},{"key":"e_1_3_3_93_2","first-page":"1171","article-title":"So you\u2019ve been notified, now what: The problem with current data-breach notification laws","volume":"56","author":"Peters Rachael M.","year":"2014","unstructured":"Rachael M. Peters. 2014. So you\u2019ve been notified, now what: The problem with current data-breach notification laws. Arizona Law Review 56 (2014), 1171\u20131202.","journal-title":"Arizona Law Review"},{"key":"e_1_3_3_94_2","unstructured":"Katie Petrillo. 2018. Protect Your Accounts with Breach Alerts Through LastPass. Retrieved April 24 2023 from https:\/\/blog.lastpass.com\/2018\/11\/protect-your-accounts-with-breach-alerts-through-lastpass\/."},{"key":"e_1_3_3_95_2","unstructured":"Privacy Rights Clearinghouse. 2020. Data Breach Chronology. Retrieved April 24 2023 from https:\/\/privacyrights.org\/data-breaches."},{"key":"e_1_3_3_96_2","first-page":"457","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Rader Emilee","year":"2020","unstructured":"Emilee Rader, Samantha Hautea, and Anjali Munasinghe. 2020. \u201cI have a narrow thought process\u201d: Constraints on explanations connecting inferences and self-perceptions. In Proceedings of the Symposium on Usable Privacy and Security. 457\u2013488. https:\/\/www.usenix.org\/system\/files\/soups2020-rader.pdf."},{"key":"e_1_3_3_97_2","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyv008"},{"key":"e_1_3_3_98_2","volume-title":"Anonymity, Privacy, and Security Online","author":"Rainie Lee","year":"2013","unstructured":"Lee Rainie, Sara Kiesler, Ruogu Kang, Mary Madden, Maeve Duggan, Stephanie Brown, and Laura Dabbish. 2013. Anonymity, Privacy, and Security Online. Technical Report. Pew Research Center. https:\/\/www.pewinternet.org\/wp-content\/uploads\/sites\/9\/media\/Files\/Reports\/2013\/PIP_AnonymityOnline_090513.pdf."},{"key":"e_1_3_3_99_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.24"},{"key":"e_1_3_3_100_2","first-page":"89","volume-title":"Proceedings of the USENIX Security Symposium","author":"Redmiles Elissa M.","year":"2020","unstructured":"Elissa M. Redmiles, Noel Warford, Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, and Michelle L. Mazurek. 2020. A comprehensive quality evaluation of security and privacy advice on the web. In Proceedings of the USENIX Security Symposium. 89\u2013108. https:\/\/www.usenix.org\/system\/files\/sec20-redmiles.pdf."},{"key":"e_1_3_3_101_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243740"},{"key":"e_1_3_3_102_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.3681050"},{"key":"e_1_3_3_103_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2018.05.011"},{"key":"e_1_3_3_104_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmoneco.2009.09.003"},{"key":"e_1_3_3_105_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(18)30111-9"},{"key":"e_1_3_3_106_2","doi-asserted-by":"publisher","DOI":"10.1080\/00223980.1975.9915803"},{"key":"e_1_3_3_107_2","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyw001"},{"key":"e_1_3_3_108_2","doi-asserted-by":"publisher","DOI":"10.1111\/jels.12035"},{"key":"e_1_3_3_109_2","doi-asserted-by":"publisher","DOI":"10.1002\/pam.20567"},{"key":"e_1_3_3_110_2","volume-title":"The Coding Manual for Qualitative Researchers","author":"Salda\u00f1a Johnny","year":"2015","unstructured":"Johnny Salda\u00f1a. 2015. The Coding Manual for Qualitative Researchers. Sage Publications, Thousand Oaks, CA."},{"key":"e_1_3_3_111_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2022.103638"},{"key":"e_1_3_3_112_2","unstructured":"Robert Schoshinski. 2019. Equifax Data Breach: Pick Free Credit Monitoring. Retrieved April 24 2023 from https:\/\/www.consumer.ftc.gov\/blog\/2019\/07\/equifax-data-breach-pick-free-credit-monitoring."},{"key":"e_1_3_3_113_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557330"},{"key":"e_1_3_3_114_2","doi-asserted-by":"publisher","DOI":"10.1111\/spc3.12265"},{"key":"e_1_3_3_115_2","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753383"},{"key":"e_1_3_3_116_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557421"},{"key":"e_1_3_3_117_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.0272-4332.2004.00433.x"},{"key":"e_1_3_3_118_2","first-page":"737","article-title":"Risk and anxiety: A theory of data-breach harms","volume":"96","author":"Solove Daniel J.","year":"2017","unstructured":"Daniel J. Solove and Danielle Keats Citron. 2017. Risk and anxiety: A theory of data-breach harms. Texas Law Review 96 (2017), 737\u2013786.","journal-title":"Texas Law Review"},{"key":"e_1_3_3_119_2","volume-title":"Breached!: Why Data Security Law Fails and How to Improve It","author":"Solove Daniel J.","year":"2022","unstructured":"Daniel J. Solove and Woodrow Hartzog. 2022. Breached!: Why Data Security Law Fails and How to Improve It. Oxford University Press."},{"key":"e_1_3_3_120_2","first-page":"379","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Story Peter","year":"2020","unstructured":"Peter Story, Daniel Smullen, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2020. From intent to action: Nudging users towards secure mobile payments. In Proceedings of the Symposium on Usable Privacy and Security. 379\u2013415. https:\/\/www.usenix.org\/system\/files\/soups2020-story.pdf."},{"key":"e_1_3_3_121_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101924"},{"key":"e_1_3_3_122_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2015.12"},{"key":"e_1_3_3_123_2","unstructured":"The Federal Trade Commission. 2021. What to know about Credit Freezes and Fraud Alerts. Retrieved April 15 2023 from https:\/\/consumer.ftc.gov\/articles\/what-know-about-credit-freezes-fraud-alerts."},{"key":"e_1_3_3_124_2","unstructured":"The Federal Trade Commission. 2020. When Information Is Lost or Exposed. Retrieved April 24 2023 from https:\/\/www.identitytheft.gov\/databreach."},{"key":"e_1_3_3_125_2","unstructured":"The Firefox Frontier. 2019. What to Do After a Data Breach. Retrieved April 24 2023 from https:\/\/blog.mozilla.org\/firefox\/what-to-do-after-a-data-breach\/."},{"key":"e_1_3_3_126_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134067"},{"key":"e_1_3_3_127_2","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3427254"},{"key":"e_1_3_3_128_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2018.11.003"},{"key":"e_1_3_3_129_2","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0030"},{"key":"e_1_3_3_130_2","doi-asserted-by":"publisher","DOI":"10.1177\/1080569912443081"},{"key":"e_1_3_3_131_2","unstructured":"Paul Wagenseil. 2019. What to Do After a Data Breach. Retrieved April 24 2023 from https:\/\/www.tomsguide.com\/us\/data-breach-to-dos news-18007.html."},{"key":"e_1_3_3_132_2","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837125"},{"key":"e_1_3_3_133_2","first-page":"175","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Wash Rick","year":"2016","unstructured":"Rick Wash, Emilee Rader, Ruthie Berman, and Zac Wellmer. 2016. Understanding password choices: How frequently entered passwords are re-used across websites. In Proceedings of the Symposium on Usable Privacy and Security. 175\u2013188. https:\/\/www.usenix.org\/system\/files\/conference\/soups2016\/soups2016-paper-wash.pdf."},{"key":"e_1_3_3_134_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376605"},{"key":"e_1_3_3_135_2","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.132.2.249"},{"key":"e_1_3_3_136_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363200"},{"key":"e_1_3_3_137_2","doi-asserted-by":"publisher","DOI":"10.2501\/JAR-2017-005"},{"key":"e_1_3_3_138_2","unstructured":"Victoria Woollaston. 2016. Facebook and Netflix Reset Passwords After Data Breaches. Retrieved April 24 2023 from https:\/\/www.wired.co.uk\/article\/facebook-netflix-password-reset."},{"key":"e_1_3_3_139_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3517467"},{"key":"e_1_3_3_140_2","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v027.i08"},{"key":"e_1_3_3_141_2","doi-asserted-by":"publisher","DOI":"10.18420\/muc2018-ws08-0539"},{"key":"e_1_3_3_142_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300424"},{"key":"e_1_3_3_143_2","first-page":"197","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Zou Yixin","year":"2018","unstructured":"Yixin Zou, Abraham H. Mhaidli, Austin McCall, and Florian Schaub. 2018. \u201cI\u2019ve got nothing to lose\u201d: Consumers\u2019 risk perceptions and protective actions after the Equifax data breach. In Proceedings of the Symposium on Usable Privacy and Security. 197\u2013216. https:\/\/www.usenix.org\/system\/files\/conference\/soups2018\/soups2018-zou.pdf."},{"key":"e_1_3_3_144_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376570"}],"container-title":["ACM Transactions on Computer-Human Interaction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589958","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589958","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T18:43:05Z","timestamp":1750272185000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589958"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,23]]},"references-count":143,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2023,10,31]]}},"alternative-id":["10.1145\/3589958"],"URL":"https:\/\/doi.org\/10.1145\/3589958","relation":{},"ISSN":["1073-0516","1557-7325"],"issn-type":[{"value":"1073-0516","type":"print"},{"value":"1557-7325","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,23]]},"assertion":[{"value":"2022-06-07","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-01-23","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-09-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}