An increasing number of services is offered online. To use these services or to access content on websites, registration is often required. By registering, people usually provide personal data, such as an e-mail address, a name and/or a phone number. As this data is often sensitive, data leaks could have dire consequences for both the individual victims and the website owners. Data leaks occur when hackers gain access to the database of the website storing the data (i.e., when the website experienced a data breach) and subsequently leak this data to the internet, which in turn enables others to exploit the data. The present study aims to examine what website characteristics relate to the occurrence of data leaks to help design safer online environments. We examine this relationship through the lens of crime and place frameworks applied to online environments.
In this study, we examine differences between characteristic of websites that experienced a data breach and websites that, assumingly, did not. Breached websites are selected from a blogsite reporting on data leaks. We compare these websites with websites from organisations not reported to have experienced a data breach. Website characteristics analysed relate to, amongst others, IT security and privacy. In addition, we also examine to what extent the type of data (that could be) stolen relates to the risk of experiencing a data breach.
The results of this study provide insight into what website characteristics are risk factors for data breaches. We expect to present primary results of the first part of our study during the conference.