Published 9:18 AM EST Feb 24, 2020
After a restorative getaway last July – a week in Stockholm, another exploring Norway’s fjords and a picturesque hike deep into the peaceful wilds of western Sweden’s forests – Christopher Lane returned home to his Chicago condo and an overflowing mailbox.
A nondescript envelope stamped “Important Update – Open Immediately” caught his attention. Inside was an alarming notice that his medical and financial information had been stolen.
“As the news sank in, I felt dizzy with shock,” said Lane, 53, a professor of English and the medical humanities at Northwestern University.
Details of the data breach were scarce. The company had filed for bankruptcy. Advice from a helpline was “next to useless,” Lane says. He had no way of knowing how much of his data had been compromised or what the consequences would be.
Lane channeled his helplessness and frustration into Side Effects, his mental health and public health blog at Psychology Today, to help others in similar predicaments and raise awareness.
As breach after breach exposes the vulnerability of systems that are supposed to guard our private information, Lane’s experience has become distressingly common. So have his feelings about it.
Think of it as a hidden but growing epidemic.
Mental health professionals say data breaches and other cyber crimes are increasingly taking a heavy psychological toll on the millions of Americans whose personal information is plundered by fraudsters.
Stealing data from 145 million America: How Chinese military hackers allegedly pulled off the Equifax data breach
Equifax breach: How to ‘freeze’ your credit following news of China military hack
It’s not just the nightmarish process of clearing your name and credit history or the struggle to get credit or loans, housing, employment or medical services after a breach. Victims wrestle with feelings of powerlessness and vulnerability. Their sleep can be disrupted, energy levels decrease. They self-medicate with alcohol, drugs or food. For some, the aftereffects are more severe: bouts of depression and anxiety, even post-traumatic stress disorder.
“With every exposure you have to it, with every reminder, you get retraumatized,” says Stanford University psychiatry professor Elias Aboujaoude, author of Virtually You: The Dangerous Powers of the E-Personality.
In extreme cases, data theft can wreck lives. Resignations, divorces and suicides followed the release of stolen information – names, addresses, phone numbers and birth dates and details of credit card transactions – from ashley madison, a popular dating website marketed to adulterers.
“Depending on who the attackers and the victims are, the psychological effects of cyber attacks may even rival those of traditional terrorism,” says Dr. Maria Bada, research associate at the Cambridge Cybercrime Centre at the University of Cambridge.
This week, San Francisco psychiatrist Ryan Louie is leading a session at the RSA Conference, the world’s largest gathering of security experts, on “#Psybersecurity: Mental Health Impact of Cyberattacks.”
“We’re just at the tip of the iceberg right now,” Louie says. “Everyone is going to begin realizing that these cyber attacks, which are getting more and more technically complex and more and more damaging, are affecting people’s way of thinking, their feelings and their emotions.”
Victims report feeling frustrated and helpless
Much of the emotional fallout from cyber crimes is anecdotal, but researchers have begun to study it.
According to a recent survey by the nonprofit Identity Theft Resource Center, 86% of victims of identity theft reported feeling worried, angry and frustrated.
Nearly 70% felt they could not trust others and they felt unsafe. More than two-thirds reported feelings of powerlessness or helplessness. Sadness or depression afflicted 59%. Half of the victims reported losing interest in activities or hobbies they once enjoyed.
These negative emotions can have physical repercussions. Nearly 85% reported disturbances in their sleep habits, 77% reported increased stress levels and nearly 64% said they had trouble concentrating. Aches, pains, headaches and cramps were symptoms for nearly 57%.
Consumers aren’t the only ones in harm’s way. On the front lines of a high-stress occupation, cybersecurity professionals shoulder the weighty responsibility of protecting other people’s data. Louie says these professionals frequently describe being in a constant state of high alert. Even when they clock out, they feel incapable of “turning off.” Guilt and shame are common reactions to data thefts that occur on their watch.
In recent years, awareness of the mental health impact of cyber crime has shot up in tandem with the rising number of incidents, says crisis management professional Terri Howard, senior director at FEI Workforce Resilience in Milwaukee which provides support to companies and their employees after crises such as workplace shootings and natural disasters.
Psychological toll increasing with cyber attacks
After the Target data breach in 2013, calls about cyber attacks escalated, Howard says. Hotlines her company set up through the employee assistance program buzzed constantly.
FEI Workforce Resilience found itself administering what Howard calls “psychological first-aid” to shell-shocked and stressed-out employees whose information had been nabbed. For these employees, the threat of the stolen data being exploited was sometimes just as traumatic as the reality of it happening, she says. Employees were referred to short-term counseling to help them cope, whether they were just rattled by the breach or were overwhelmed unwinding the damage.
“Unfortunately these types of incidents when they happen to some people can cause secondary trauma,” Howard says. “They may think about another time when they were violated, so it gets compounded.”
In the midst of crisis, Amy Krebs found a novel way to cope. She started a blog on identity theft.
Armed with her social security number and maiden name, the identity thief who went after Krebs in 2013 opened up more than 50 accounts. Hundreds of hours went into unraveling the mess.
The “nightmare spreadsheet” she created to document each new incident has 500 entries. “There wasn’t enough time in the day,” says Krebs, 41, who skipped dinners or movies out, unable to take a break for an hour or two as her imposter opened account after account.
The relentless calls from collection companies grated. Krebs had always been prompt with payments and cautious in her finances.
Even years later, she still gets unpleasant reminders. Catalogs from stores she’s never frequented. Security questions at her bank that she doesn’t know because they were answered by the person who pretended to be her.
“I have to prove myself again and again,” she says. “That is emotional and frustrating. And that feeling has not gone away, from the time I found out I was victim to today.”
Krebs doesn’t know how her identity was stolen but the person was eventually apprehended by police and pleaded guilty to identity theft.
After the conviction, Krebs started the AKA Jane Doe blog to show people how to protect themselves from identity theft and to steer them to the right resources if they, like her, had become victims.
The blog has been both therapeutic and empowering, she says, restoring some of the control she felt she lost when her identity was stolen.
“It has been a great release for me,” Krebs says. “It was an opportunity to put my voice out there and a way to protect myself should anyone else come after me saying I owed something.”
Tips for coping with cyber crime
Howard says victims should monitor their mental health the way they do their credit reports.
- Talk about it. “Unfortunately because these hacks are occurring so frequently, I don’t think people are as engaged as they should be in talking about the ramifications,” Howard says. Surround yourself with supportive people. Talk to a friend, a family member or your pastor or rabbi. “It’s important that people are allowed to voice what’s happening to them,” she says.
- Take back control. Keep a journal of every call you make, letter you receive, every action you take to fix what’s happened.
- Practice self-care. Being the victim of a cyber crime is like being the victim of an assault. Give yourself a break.
- Don’t blame yourself. Depending on the type of victimization, the victim can go into stages of grief, suffer from anger or rage,” Bada says. “In some cases, victims may even blame themselves and develop a sense of shame.”
- Consider professional help. Get some counseling through your company’s employee assistance program or privately.
- Contact a victim’s assistance group such as the Identity Theft Resource Center.