TY - JOUR AB - Purpose The purpose of this paper is to understand consumer reactions to security breaches and the best approach for companies to minimize the reputational damage that is done.Design/methodology/approach The authors assessed trust in a company following a data breach as well as perceptions of individual and corporate responsibility for data security and also measured individual personality.Findings The authors found that individuals held companies more responsible for protecting private data and held companies even more responsible following a data breach. Further, perception of responsibility for a data breach significantly affected individuals’ response to a company’s attempt to rebuild trust. Finally, participant personality impacted perceptions of responsibility and trust in a company after a data breach.Research limitations/implications Companies are held more responsible for protecting private data than are individuals. Thus, violation of this expectation insofar as a data breach may result in a psychological contract breach which explains reductions in trust in a company which has experienced a data breach. Further, the effect of company’s responses to a data breach depends on individuals’ perception of responsibility and personality. Thus, the best course of action following a data breach may vary across customers.Practical implications Companies should consider differences in customer perceptions when responding to a data breach.Social implications Individuals differ in how responsible they feel a company is for data security. Further, those differences impact reactions to data breach responses from companies.Originality/value This paper explored personality as it impacts perceptions of corporate responsibility in data security. Further, the authors explore the role of perception of responsibility to determine the role of psychological contract breach in reduced trust after data breach. VL - 33 IS - 4 SN - 0268-6902 DO - 10.1108/MAJ-11-2017-1693 UR - https://doi.org/10.1108/MAJ-11-2017-1693 AU - Carre Jessica Rose AU - Curtis Shelby R. AU - Jones Daniel Nelson PY - 2018 Y1 - 2018/01/01 TI - Ascribing responsibility for online security and data breaches T2 - Managerial Auditing Journal PB - Emerald Publishing Limited SP - 436 EP - 446 Y2 - 2024/04/24 ER -