How Do Cyberattacks Hurt Me? (2018-2019)


Data breaches and computer hacks are occurring at an alarming pace, exposing consumers’ financial information to misappropriation. Where does this data go? Why do we feel so exposed and vulnerable? Should we care, especially in light of the fact that we voluntarily turn over personal data to social media firms and financial institutions anyway? What are our hunches about the harms, and how do we find data that can document such harm?

“Evidence of harm” is a term of art coming from methodologies employed in environmental policy. Turning to environmental policy is necessary to shed light on understanding the harms that occur from a misappropriation of financial data because of a similar feature: parts of the harm can come further out in time, making the causal connection to the original event difficult to discern. As in the case of an environmental contaminant whose health and environmental effects may not be exhibited until many years have passed, some of the harms associated with misappropriated financial information—such as the effects on credit scores and the effects of impersonation involved in identity theft—may not exhibit themselves immediately.

Project Description

This Bass Connections project will explore the pathways to harm from consumer data breaches, particularly as such pathways may have effects on our ability to access credit and be full economic citizens. The project’s primary objective is to discern and then depict harms to consumers from financial data breaches, as this knowledge is foundational to discussions regarding optimal policy design and intervention.

The project team will begin by reviewing large cyberattacks that involve personal financial information, the pathways through which this information gets transmitted and how the information is utilized to harm consumers.

From here, the project team will articulate a list of potential harms and attempt to quantify the cost of these harms to consumers. Such costs will likely include: monitoring credit reports; time and money spent engaged in credit freezes; purchasing credit reporting services; adverse credit report action; or cleaning up from identity theft. Next, team members will use accessible graphics to depict the potential harms.

A subsequent Data+ project in Summer 2019 will turn the graphical depiction into a model that can be utilized by firms and regulators alike in order to better quantify the risks associated with data breaches.

Anticipated Outcomes

Catalog and summary of consumer data breaches; web page that contains this information; written analysis of major findings; web-based graphic that depicts the impact of potential harms associated with consumer data breaches

Student Opportunities

Students will learn a variety of qualitative and quantitative research skills. Students will also have the opportunity to communicate their research findings both graphically and in written form on the Global Financial Markets Center’s blog: “The FinReg Blog.”

The team will meet once a week with the potential for additional meetings of team subgroups. In addition to the weekly meetings, team leaders and the graduate student project manager will regularly meet with selected undergraduates for mentorship and collaboration.

The team will include one graduate student serving as project manager and five graduate students and five undergraduates, in such fields as computer science, environmental sciences, public policy, engineering, sociology, statistics, law, finance and data science. Some students with skills in graphic design and statistics will be necessary.

Students will be evaluated based on their ability to contribute and advocate in a sustained way, help the group move toward the delivery of the graphic, take assigned tasks to completion, be active rather than passive learners and articulate concepts that they had no prior knowledge of before this work.

Duke undergraduates and graduate students can apply for this project team beginning on January 24. The priority deadline is February 16 at 5:00 p.m.


Fall 2018 – Spring 2019

  • Fall 2018: Research and catalog major consumer data breaches. Begin to develop a web page that summarizes this information. Begin to formulate an understanding of how these breaches harm consumers.
  • Spring 2019: Communicate significant findings from work done in the fall in a series of blog posts. Develop the web-based graphical depiction of harm.


Independent study credit available for fall and spring semesters

Faculty/Staff Team Members

Sarah Bloom Raskin, Rubenstein Fellows Academy*
Lee Reiners, Duke Law-Global Financial Markets Center*

* denotes team leader


Active, New