Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed DataData Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
  1. publications
  2. security

Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data

Available Media

Publication (Pdf)

Slides (pdf)

ConferenceSymposium on Usable Security and Privacy
AuthorsSowmya Karunakaran , Kurt Thomas , Elie Bursztein ,
Citation

Bibtex Citation

@inproceedings{ KARUNAKARAN2018DATA,title = {Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data},author = {"Sowmya, Karunakaran" and "Kurt, Thomas" and "Elie, Bursztein" and "Oxana, Comanescu"},booktitle = {Symposium on Usable Security and Privacy},year = {2018},organization = {Usenix}}

Data exposed by breaches persist as a security and privacy threat for Internet users. Despite this, best practices for how companies should respond to breaches, or how to responsibly handle data after it is leaked, have yet to be identified. We bring users into this discussion through two surveys. In the first, we examine the comprehension of 551 participants on the risks of data breaches and their sentiment towards potential remediation steps. In the second survey, we ask 10,212 participants to rate their level of comfort towards eight different scenarios that capture real world examples of security practitioners, researchers, journalists, and commercial entities investigating leaked data. Our findings indicate that users readily understand the risk of data breaches and have consistent expectations for technical and non-technical remediation steps. We also find that participants are comfortable with applications that examine leaked data—such as threat sharing or a “hacked or not” service when the application has a direct, tangible security benefit. Our findings help to inform a broader discussion on responsible uses of data exposed by breaches.

Recent

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.