Consumer Reaction to a Data Breach in m-Commerce

Project: Research

View graph of relations


As an innovative model of doing business, mobile or e-commerce platforms have worked as the primary interface through which firms effectively interact with consumers. A large portion of corporate and consumer data has traveled across the Internet. However, this hyper-connected Internet business landscape has experienced increased data breaches. Many firms across industries, such as Anthem Blue Cross (healthcare), Target (retail), JP Morgan Chase (bank), and Equifax (finance), have suffered data breaches. Data breaches have attracted increasing media coverage and public attention. However, there has been little empirical evidence to describe how consumers actually respond to data breaches in mobile or e-commerce environments. Only a few security economics researchers have noted that the stock market reaction to data breaches appears to be somewhat short-lived and limited to the most egregious breaches. Although public concern on data breaches has been widespread, it is not yet apparent whether consumers have taken any action against breached firms. Thus, this study seeks to identify consumer reaction (i.e., consumers’ usage times for a breached firm and their switching tendencies to the breached firm’s competitors) to a data breach. For this investigation, this study plans to employ a quasi-experimental design by utilizing a data breach that occurred in July 2016 (affecting over 10 million consumers) in one of the major South Korean online platform players. Using individual-level mobile usage data, this study proposes to comparechanges in consumer behavior before and after the large-scale data breach. The preliminary tests were conducted using a difference-in-differences approach in the quasi-experimental setting. The results show that after a data breach, consumers reduce their usage of the breached mobile application and increase the usage of its non-breached competitors. The reaction becomes stronger for consumers with high consumer loyalty toward the breached firm. However, a breached firm’s high market power limits this impact. This study further examines how consumers’ diverse online behaviors vary with their reactions to breaches. For example, consumers who frequently visited a breached firm immediately before the breach may react differently to the breach compared to those who visited the firm a relatively long time ago. Understanding these changes in consumer reaction to breaches can provide important policy insight on programs that could effectively induce mobile or e-commerce firms to make security investments as they would for other market-based, brand-building initiatives.


Project number9043055
Grant typeGRF
Effective start/end date1/01/21 → …