Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

Reactions by Actual Data Breach Victims over Time: Evidence from Facebook’s Cambridge Analytica Breach

Published Online:4 Feb 2026https://doi.org/10.1287/isre.2023.0391

References

  • Acquisti A, Brandimarte L, Loewenstein G (2020) Secrets and likes: The drive for privacy and the difficulty of achieving it in the digital age. J. Consumer Psych. 30(4):736–758.CrossrefGoogle Scholar
  • Agarwal S, Ghosh P, Ruan T, Zhang Y (2024) Transient customer response to data breaches of their information. Management Sci. 70(6):4105–4114.LinkGoogle Scholar
  • Ayaburi EW, Treku DN (2020) Effect of penitence on social media trust and privacy concerns: The case of Facebook. Internat. J. Inform. Management 50:171–181.CrossrefGoogle Scholar
  • Bachura E, Valecha R, Chen R, Rao HR (2022) The OPM data breach: An investigation of shared emotional reactions on Twitter. MIS Quart. 46(2):881–910.CrossrefGoogle Scholar
  • Badshah N (2018) Facebook to contact 87 million users affected by data breach. The Guardian Online (April 8), https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach.Google Scholar
  • Bansal G, Zahedi FM (2015) Trust violation and repair: The information privacy perspective. Decision Support Systems 71:62–77.CrossrefGoogle Scholar
  • Bem DJ (1972) Self-perception theory. Adv. Experiment. Soc. Psych. 6:1–62.CrossrefGoogle Scholar
  • Bentley JM, Ma L (2020) Testing perceptions of organizational apologies after a data breach crisis. Public Relations Rev. 46(5):101975.CrossrefGoogle Scholar
  • Brown AJ (2020) “Should I stay or should I leave?”: Exploring (dis)continued Facebook use after the Cambridge Analytica scandal. Soc. Media Soc. 6(1):1–8.Google Scholar
  • Burtch G, He Q, Hong Y, Lee D (2022) How do peer awards motivate creative content? Experimental evidence from Reddit. Management Sci. 68(5):3488–3506.LinkGoogle Scholar
  • Cadwalladr C, Graham-Harrison E (2018) Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian Online (March 17), https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election.Google Scholar
  • Choi BCF, Kim SS, Jiang Z (2016) Influence of firm’s recovery endeavors upon privacy breach on online customer behavior. J. Management Inform. Systems 33(3):904–933.CrossrefGoogle Scholar
  • Choi H, Park J, Jung Y (2018) The role of privacy fatigue in online privacy behavior. Comput. Human Behav. 81:42–51.CrossrefGoogle Scholar
  • Clifford S, Sheagley G, Piston S (2021) Increasing precision without altering treatment effects: Repeated measures designs in survey experiments. Amer. Political Sci. Rev. 115(3):1048–1065.CrossrefGoogle Scholar
  • Cochran WG (1977) Sampling Techniques, 3rd ed. (John Wiley & Sons, New York).Google Scholar
  • Cohen J (1988) Statistical Power Analysis for the Behavioral Sciences, 2nd ed. (Lawrence Erlbaum Associates, Hillsdale, NJ).Google Scholar
  • Dehling T, Sunyaev A (2023) A design theory for transparency of information privacy practices. Inform. Systems Res. 35(3):956–977.LinkGoogle Scholar
  • Festinger L (1957) A Theory of Cognitive Dissonance (Stanford University Press, Stanford, CA).CrossrefGoogle Scholar
  • Fung B (2019) Facebook will pay an unprecedented $5 billion penalty over privacy breaches. CNN Bus. Online (July 24), https://edition.cnn.com/2019/07/24/tech/facebook-ftc-settlement/index.html.Google Scholar
  • Goode S, Hoehle H, Venkatesh V, Brown SA (2017) User compensation as a data breach recovery action: An investigation of the Sony PlayStation Network breach. MIS Quart. 41(3):703–727.CrossrefGoogle Scholar
  • Grégoire Y, Tripp TM, Legoux R (2009) When customer love turns into lasting hate: The effects of relationship strength and time on customer revenge and avoidance. J. Marketing 73(6):18–32.CrossrefGoogle Scholar
  • Grieve R, Indian M, Witteveen K, Tolan GA, Marrington J (2013) Face-to-face or Facebook: Can social connectedness be derived online? Comput. Human Behav. 29(3):604–609.CrossrefGoogle Scholar
  • Guo Y, Wang C, Chen X (2024) Functional or financial remedies? The effectiveness of recovery strategies after a data breach. J. Enterprise Inform. Management 37(1):148–169.CrossrefGoogle Scholar
  • Haddock G, Maio GR (2008) Attitudes: Content, structure and functions. Hewstone M, Stroebe W, Jonas K, eds. Introduction to Social Psychology: A European Perspective, 4th ed. (BPS Blackwell, Oxford, UK), 112–133.Google Scholar
  • Harmon-Jones E, Mills J, eds. (1999) Cognitive Dissonance: Progress on a Pivotal Theory in Social Psychology (American Psychological Association, Washington, DC).CrossrefGoogle Scholar
  • Hern A (2018) Cambridge Analytica: How did it turn clicks into votes? The Guardian Online (May 6), https://www.theguardian.com/news/2018/may/06/cambridge-analytica-how-turn-clicks-into-votes-christopher-wylie.Google Scholar
  • Hinds J, Williams EJ, Joinson AN (2020) “It wouldn’t happen to me”: Privacy concerns and perspectives following the Cambridge Analytica scandal. Internat. J. Human Comput. Stud. 143:102498.CrossrefGoogle Scholar
  • Hoehle H, Wei J, Schuetz S, Venkatesh V (2021) User compensation as a data breach recovery action: A methodological replication and investigation of generalizability based on the Home Depot breach. Internet Res. 31(3):765–781.CrossrefGoogle Scholar
  • Hoehle H, Venkatesh V, Brown SA, Tepper BJ, Kude T (2022) Impact of customer compensation strategies on outcomes and the mediating role of justice perceptions: A longitudinal study of Target’s data breach. MIS Quart. 46(1):299–340.CrossrefGoogle Scholar
  • Hull G, Lipford HR, Latulipe C (2011) Contextual gaps: Privacy issues on Facebook. Ethics Inform. Tech. 13(4):289–302.CrossrefGoogle Scholar
  • IBM (2023) What is a data breach? Accessed July 15, 2025, https://www.ibm.com/topics/data-breach.Google Scholar
  • James TL, Lowry PB, Wallace L, Warkentin M (2017) The effect of belongingness on obsessive-compulsive disorder in the use of online social networks. J. Management Inform. Systems 34(2):560–596.CrossrefGoogle Scholar
  • Janakiraman R, Lim JH, Rishika R (2018) The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. J. Marketing 82(2):85–105.CrossrefGoogle Scholar
  • John OP, Donahue EM, Kentle RL (1991) The Big Five Inventory—Versions 4a and 54 (University of California, Berkeley, Institute of Personality and Social Research, Berkeley, CA).Google Scholar
  • Jones MA, Reynolds KE, Mothersbaugh DL, Beatty SE (2007) The positive and negative effects of switching costs on relational outcomes. J. Service Res. 9(4):335–355.CrossrefGoogle Scholar
  • King J, Lampinen A, Smolen A (2011) Privacy: Is there an app for that? Cranor LF, Lipford H, Schechter S, eds. Proc. Seventh Sympos. Usable Privacy Security (Association for Computing Machinery, New York), 1–20.Google Scholar
  • Kude T, Hoehle H, Sykes TA (2017) Big data breaches and customer compensation strategies: Personality traits and social influence as antecedents of perceived compensation. Internat. J. Oper. Production Management 37(1):56–74.CrossrefGoogle Scholar
  • Kwon J, Johnson ME (2015) The market effect of healthcare security: Do patients care about data breaches? 14th Workshop Econom. Inform. Security (Delft, Netherlands), 1–33.Google Scholar
  • Lee M, Lee J (2012) The impact of information security failure on customer behaviors: A study on a large-scale hacking incident on the internet. Inform. Systems Frontiers 14(2):375–393.CrossrefGoogle Scholar
  • Lovakov A, Agadullina ER (2021) Empirically derived guidelines for effect size interpretation in social psychology. Eur. J. Soc. Psych. 51(3):485–504.CrossrefGoogle Scholar
  • Lowry PB, D’Arcy J, Hammer B, Moody GD (2016) “Cargo Cult” science in traditional organization and information systems survey research: A case for using nontraditional methods of data collection, including Mechanical Turk and online panels. J. Strategic Inform. Systems 25(3):232–240.CrossrefGoogle Scholar
  • Mamonov S, Koufaris M (2014) The impact of perceived privacy breach on smartphone user attitudes and intention to terminate the relationship with the mobile carrier. Comm. Assoc. Inform. Systems 34(60):1157–1174.Google Scholar
  • Martin KD, Borah A, Palmatier RW (2017) Data privacy: Effects on customer and firm performance. J. Marketing 81(1):36–58.CrossrefGoogle Scholar
  • Masuch K, Greve M, Trang S (2021) What to do after a data breach? Examining apology and compensation as response strategies for health service providers. Electronic Markets 31(4):829–848.CrossrefGoogle Scholar
  • Mikhed V, Vogan M (2018) How data breaches affect consumer credit. J. Banking Finance 88:192–207.CrossrefGoogle Scholar
  • Nikkhah HR, Grover V (2022) An empirical investigation of company response to data breaches. MIS Quart. 46(4):2163–2196.CrossrefGoogle Scholar
  • Nofer M, Hinz O, Muntermann J, Roβnagel H (2014) The economic impact of privacy violations and security breaches: A laboratory experiment. Bus. Inform. Systems Engrg. 6(6):339–348.CrossrefGoogle Scholar
  • Pang MS, Vance A (2025) Breached and denied: The cost of data breaches on individuals as mortgage application denials. MIS Quart. 49(2):465–494.CrossrefGoogle Scholar
  • Ployhart RE, Vandenberg RJ (2010) Longitudinal research: The theory, design, and analysis of change. J. Management 36(1):94–120.Google Scholar
  • Schroeder S (2019) U.S. users are leaving Facebook, new study claims. Mashable Online (March 7), https://mashable.com/article/facebook-losing-users-us/.Google Scholar
  • Solove DJ, Citron DK (2018) Risk and anxiety: A theory of data breach harms. TX Law Rev. 96:738–785.Google Scholar
  • Stantcheva S (2023) How to run surveys: A guide to creating your own identifying variation and revealing the invisible. Annual Rev. Econom. 15(1):205–234.CrossrefGoogle Scholar
  • Statista (2023) Number of Facebook users in the United States from 2018 to 2027. Accessed October 14, 2025, https://www.statista.com/statistics/408971/number-of-us-facebook-users/.Google Scholar
  • Stutzman FD, Gross R, Acquisti A (2013) Silent listeners: The evolution of privacy and disclosure on Facebook. J. Privacy Confidentiality 4(2):7–41.CrossrefGoogle Scholar
  • Syed R (2019) Enterprise reputation threats on social media: A case of data breach framing. J. Strategic Inform. Systems 28(3):257–274.CrossrefGoogle Scholar
  • Symeonidis I, Biczók G, Shirazi F, Pérez-Solà C, Schroers J, Preneel B (2018) Collateral damage of Facebook third-party applications: A comprehensive study. Comp. Security 77:179–208.CrossrefGoogle Scholar
  • The Economist (2024) As Facebook turns 20, politics is out; impersonal video feeds are in. Online (February 1), https://www.economist.com/briefing/2024/02/01/as-facebook-turns-20-politics-is-out-impersonal-video-feeds-are-in.Google Scholar
  • Turjeman D, Feinberg FM (2023) When the data are out: Measuring behavioral changes following a data breach. Marketing Sci. 43(2):440–461.LinkGoogle Scholar
  • Vaidis DC, Sleegers WWA, Van Leeuwen F, DeMarree KG, Sætrevik B, Ross RM, Schmidt K, et al. (2024) A multilab replication of the induced-compliance paradigm of cognitive dissonance. Adv. Methods Practices Psych. Sci. 7(1):1–26.Google Scholar
  • Wright SA, Xie GX (2019) Perceived privacy violation: Exploring the malleability of privacy expectations. J. Bus. Ethics 156:123–140.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree