Target Data Breach: Paying For It In More Ways Than One
Everyone is talking about Target these days… and not in a good way! The conversations involving Target are no longer bragging about purchasing a new electronic for cheaper than retail price; they are discussing who’s been impacted by the massive data breach and what inconvenient steps had to be taken following the discovery that your information had been hacked. I do not think that is what Target was planning for as the holidays came around.
By now, I believe everyone knows the magnitude of people affected by the breach (110 million people for those who did not), how those people have been impacted, and that the threat of identity theft lingers for each victim. What interests me is how Target’s reputation as a company continues to tarnish and the different ways the company is paying for this breach.
The news that 40 million consumers’ card information had been hacked, the number originally reported, couldn’t have come at a worse time for Target. Right in the middle of holiday shopping. As one would expect, following the announcement, holiday sales fell quickly and sales at most stores reportedly fell between 2% and 6%. An associated cost that comes as no surprise for companies that have experienced a data breach is the loss of potential customers and, therefore, revenue.
Rightfully so, consumers get nervous. It may take weeks or months for those affected, and even those not affected, to instill confidence back into the company. Consumers will go somewhere else to shop, perhaps somewhere that hasn’t been hacked recently, and the company will miss out on all those sales. For Target, this has been proven. Not only has sales taken a hit, but they are already announcing that they will have to close some stores in May due to expected financial performance. At this point, a month and a half after the original breach, Target still has a negative connotation to it and the company’s brand is still suffering.
Others are incurring costs as a result of the breach as well. It costs at least $10 to issue one new card, and at this point retailers don’t have to pay that, banks and card issuers do. For example, J.P. Morgan Chase made the decision to replace all cards for their customers who were affected, which amounted to issuing over 2 million replacement cards. You can do the math! Some banks chose not to automatically issue new cards and went the route of monitoring the accounts affected, however, there are still costs associated with monitoring and providing additional protection for those accounts.
These card holders are expected to file action against Target for those additional costs. Which brings up probably the most obvious of costs associated with a data breach: fines and litigation. Depending on the company and the regulations for the industry, companies can face millions of dollars in fines and litigation from a data breach. Commonly, the company gets fined for the actual breach and the people affected; and then they get fined for not having secure policies in place to avoid such a breach in the first place. Then circle back in the litigation from the banks and the time allocated towards litigation. The dollar amount just keeps going up.
Companies who experience a data breach should expect additional costs in all types of directions. Fines, litigation, loss of potential customers, and more. In Target’s case, they are also offering one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores. This offer is one small step to rebuilding their brand and cleaning the rust off their reputation.
B&L Associates helps companies prevent a security breach by ensuring that all offline IT assets are secure. If you are interested in helping your company avoid these costs, visit our website at www.bandl.com.