Between hacking, phishing, and the Internet of Things, cyberattacks are a growing threat—and most Americans seem to know that. They just can’t be bothered to do anything about it.

According to a survey of 1,040 US adults by the Pew Research Center, a majority of Americans have experienced some sort of data breach, with credit card fraud being the most common. More than a third have had sensitive information—financial, health, or other personal data—compromised, and 15% have had their social security number compromised.

Americans are also feeling the anxiety caused by a slew of massive hacks and cyberattacks. Distributed denial-of-service (DDoS) attacks, like the one that temporarily took down Twitter and Spotify in October, grew 30-fold between 2011 and 2014. Pew’s survey found that nearly half of Americans believe their personal information is less secure now than it was five years ago.

Americans don’t put much stock in the public or private sector’s capacity to prevent hacks, either. Some 28% expressed a lack of confidence in the federal government’s ability to keep their personal information safe; 24% said the same about social media; 15% about credit card companies, cell service providers and companies they do business with; and 13% about cellphone manufacturers and email providers.

And yet, a majority of Americans continue to engage in digital practices that make it easier for hackers to gain access to their info. More than half use (insecure) public wifi networks on their phones. Forty-one percent share online passwords with friends and family members, 39% use similar passwords across multiple accounts, and 25% use simple easy-to-guess passwords.

“[Sixty-nine percent] of online adults say they do not worry about how secure their online passwords are—more than double the share (30%) that admits to having worries about their personal password security,” Pew found. (One bright spot: More than half of online adults said they use two-step authentication on at least some of their online accounts.)

Pew’s survey backs up other findings on Americans’ cybersecurity habits. A data-dump of user passwords from music-streaming platform Last.fm found that “123456” and “password” are still among the commonly used.

While the administration being ushered in by US president Donald Trump has yet to outline plans for dealing with cybersecurity, there have been some worrying signs. Trump has allegedly refused to give up his own personal (non-secure) Android phone, and the head of Trump’s cybersecurity group—former New York City mayor Rudy Giuliani—has a company website laden with security pitfalls. Trump’s cabinet has also emphasized the threat of terrorism far more than threats perpetrated by “cyber superpowers“ like Russia and China.

“Fully 70% of Americans expect that the United States will definitely (18%) or probably (51%) experience a significant cyberattack on its public infrastructure (such as air traffic control systems or power grids),” Pew found. Similar proportions of the public shared concern about breaches in the banking and financial sectors.

So Americans are worried… just not enough to protect themselves. Maybe Trump—a devoted adherent of printouts, PDFs and courier service—has it right after all.