WSJ via MSN: “How do consumers respond when their online accounts are exposed to hackers? Many of them simply don’t. Data breaches at major firms have become all too common, with more than 110 million user accounts exposed in just the second quarter of 2023. Yet our research found that nearly two-thirds of U.S. consumers would return to a site after they were notified of a breach—with only the bare minimum of precautions, like changing their passwords. Almost a quarter of the roughly 200 people we surveyed said they would return to the compromised website with no changes to their behavior at all. Only 10% said they wouldn’t go back. Even people who had cybersecurity training within the past 90 days—in other words, people who should be primed to protect themselves—took risks. In this subsequent study, over a quarter of roughly 500 people said they would return to the breached website while taking the absolute minimum security measures, and only about 9% would take more-complicated steps such as setting up two-factor authentication. And they would do that only if they experienced real financial consequences, like fraudulent charges on their credit cards. Why wouldn’t people protect themselves? Many of the consumers we surveyed believed that there were few—if any—alternatives to the websites they used frequently, and all websites seemed to be affected by data breaches. Why bother beefing up security? Likewise, some people said they would stick with a compromised site because they had put so much time and effort into their presence on it—a classic sunk-cost fallacy…”