News about cyber-attacks and data breaches has become so common that many of us accept them with resignation. The shock and surprise that greeted news of hacks of marquis firms like TJX or Target rarely get expressed – even when the news (as with the recently disclosed breach affecting 1 billion Yahoo account holders) is much bigger.

Lost in the headlines is how these incidents affect ordinary citizens. Who are the billion Yahoo users whose account information was leaked? What impact did the theft of credit card data from Target have on Target customers? How did their lives and attitudes change, if at all?

The truth may be that these incidents affect ordinary Americans more than we would like to believe. If data from the most recent survey Pew Foundation poll of Americans’ attitudes towards cybersecurity is any indication, most Americans have experienced cybercrime directly and have little hope that better days await us in the future. Here are five surprising facts from the Pew survey.

1. Most have had their data stolen

More than two thirds of the 1,040 Americans surveyed by The Pew Center had experienced the theft of personal data. Sixty four percent of the Americans Pew surveyed had personally experienced a major data theft, including 35% who had received notification that some of their personal information had been compromised. Sixteen percent said they had experienced an email account takeover.

2. Their password game is not strong

It is news to nobody that cybercriminals are interested in your passwords. Access to an online banking account can be a quick way to transfer cash out of your wallet and into theirs. Ecommerce web site accounts likewise provide a way for crooks to turn access into dollars. It’s surprising, then, that few Americans exercise discipline in securing access to those accounts. Pew’s survey found that 41% of online adults they surveyed have shared the password to one of their online accounts with a friend or family member. An almost equal share (39%) said they use the same password (or a very similar one) for “many of their online accounts.” A quarter of those surveyed by Pew admitted they often use passwords that are less secure than they’d like, because simpler passwords are easier to remember than more complex ones.

3. They don’t trust the government (or Silicon Valley)

Given the endemic nature of cybercrime and data theft and the (so-far) halting government response to what looks like a public health crisis, it shouldn’t be surprising that Americans are skeptical of the government’s ability to protect them from cybercrime. What’s surprising is that they are equally skeptical of Silicon Valley. According to Pew, almost a third of the Americans the organization polled (28%) said they are not at all confident that the federal government can protect their personal information. Among users of social media applications like Facebook and Twitter, however, almost a quarter (24%) expressed similar levels of doubt about the ability of these sites to keep their personal information safe. Fewer than 1 in 10 Americans (9%) said they had “a great deal of confidence” in social media companies when it comes to protecting data.

4. Kids like encryption. Their parents? Not so much.

The relative risks and rewards of super-strong encryption algorithms has been a topic of debate among policy makers and the public. The head of the FBI, James Comey, has famously warned about cybercriminals using strong encryption to “go dark” – hiding their communications and activities from law enforcement. At the same time, technology firms have staunchly defended the need for strong encryption to protect legitimate communications and resisted government efforts to put “backdoors” in encryption used to protect online data. The public, it turns out, is divided on the issue, Pew found.

Asked whether they agreed that technology companies should be able to use encryption that is unbreakable, “even to law enforcement,” 48% of 18-29 year olds agreed, as did 47% of 30-49 year olds. In contrast, only 35% of those over 65 said they supported that notion. Conversely, 50% of 50 to 64 year olds said law enforcement should be able to access encrypted communications while investigating a crime, compared with just 41% of 18-29 year olds.

5. They’re not optimistic (about cyber).

Given the steady drumbeat of news about cyber-attacks, hacking by nations such as Russia and the loss or theft of data, you can forgive Americans for being pessimistic about the future. The surprise in the Pew report may be just how pessimistic they are. According to the Pew survey, 70% of Americans expect that the United States will definitely (18%) or probably (51%) experience a “significant cyberattack on its public infrastructure (such as air traffic control systems or power grids)” in the next five years. Similar shares of the Pew survey group said they expect similar attacks on the country’s banking and financial systems. And there are few Pollyanna’s in the group. Just 3% of those surveyed said that an attack on the U.S.’s public infrastructure will not occur in the next five years, while only 4% expressed the same confidence that the financial system will not be targeted during that time.