Lessons Learned from Target Data Breach

Even six months after the Target security breach — when the retail giant saw 40 million credit and debit card numbers, and 70 million addresses, phone numbers, and other pieces of personal information stolen by a widespread point-of-sale hack — the fallout for the major retailer remains grim.

Target’s first quarter sales dropped 16 percent from the previous year, and as of mid-June, the company’s stock had lost 11 percent since December 2013. In early May, CEO Gregg Steinhafel stepped down from his $23-million-a-year post — a move that followed the March resignation of CIO Beth Jacob. The breach is looking to be the largest in retail history, sparking 90-plus lawsuits, a Congressional hearing and free-falling sales figures for the big-box retailer.

Target is hardly alone in its woes. Since last year, data breaches on average have jumped 15 percent with an average cost to a company of $3.5 million, according to a new study sponsored by IBM and the Ponemon Institute.

While it’s clear that data breaches won’t be going away anytime soon, there are some important lessons we can learn from Target’s travails that could help to reduce — or even prevent — disastrous results in the future.

1) Speed Up Adoption of Encrypted Smart-Chip Credit Cards

John Mulligan, Target’s CFO at the time (now interim CEO), told Congress in February that the retailer aims to integrate chip-enabled technology by the first quarter of 2015. This technology is significantly more secure than that used in magnetic-strip cards because it is much harder to reproduce and will thus foil more counterfeit scams. The U.S. has lagged behind Europe due to the replacement and manufacturing expenses involved. While plans regarding the future implementation of this technology have been discussed, they are not expected to go into effect until the end of 2015.

2) Emphasize Urgency and Transparency

The timing of the Target hack was admittedly bad: November 27 through December 15, the most crucial shopping season of the year. However, Target’s customer communication in the days following the announcement was poor. Angry customers complained on Twitter and Facebook about not being able to access their Target Redcard accounts, being on hold for hours, and not being able to get through to the customer service line. The result? Brand loyalty took a hit. Target customers faced a breach in trust with the company, heightening the pain of the credit card breach.

3) Consider Breach Protection Services

Despite a company’s best efforts, and even after following strong security practices, breaches still happen. The result can be catastrophic. According to Associated Credit Fraud Examiners, 80 percent of breached small businesses experience bankruptcy or severe financial difficulties within two years of an initial breach. Just as malpractice insurance is a must for doctors, businesses would do well to purchase a breach protection plan from a third-party security provider or a payment processor.

4) Increase Investment in Cyber Security

While it may be a tough sell, plowing more money into cybersecurity is a wise investment. Respondents to the IBM and Ponemon global survey said they’d like to see spending on their organization’s security strategy and mission doubled from what they think will be spent (an average of $7 million) to what they’d like to see spent (an average of $14 million). The respondents are on the right track — findings show that strong security can actually result in a financially stronger company.

To learn more about other recent security breaches making headlines and for more information about steps you can take to prevent fraud and identity theft, visit our Education Center.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

