Top Data Breaches in Retail
Top Retailer get’s Rocked by a 9.8 Million Dollar Data Breach
Just recently, Eddie Bauer agreed to a $9.8 million data breach class action settlement with Veridian Credit Union. A data breach at Eddie Bauer, that occurred in January 2016, exposed as many as 1 million customer accounts.
Since retailers commonly accept electronic payments from their customers, they are inevitably vulnerable to prevailing security threats. It’s not only customers’ financial information that is at stake but also their personal information. Not to mention, a breach can have a devastating impact on the retailer’s reputation. Despite the graveness of these consequences, the data breach incidents among retailers seem to be on the rise. It’s 2019, and retailers know now, more than ever, the importance of spending on IT security; however, the increased security budgets are not yielding the desired results. This is, perhaps, partly due to the increasingly sophisticated cyber attacks, and partly due to retailers investing their resources in taking up the wrong security measures.
Growing Data Threats with Digital Transformation
Apparently, the number of data breach incidents making it to the news is increasing each year. As more and more retailers undergo a digital transformation, they put themselves at a greater risk of inadvertently exposing customer data. Most of the retailers are leveraging cloud, big data and containers to expand their reach, provide a better customer experience and grow their business. However, in the absence of an adequate security infrastructure, everything can easily come crashing down as it did for Eddie Bauer.
Using sensitive customer data demands addressing the unique security challenges associated with the complicated, technologically-advanced environments. The growing security challenges are, fortunately, well-recognized in the retail business. However, the response does not seem to be in-line with the risk. The customers, on the other hand, are getting more dependent on technology as well. The savvy customers demand information security without compromising their buying experience.
Data Breaches Serving as a Real Eye Opener
Neiman Marcus ended up paying a $1.5 million settlement over a data breach. The 2017 breach at Hudson’s Bay was one of the most devastating in the retail industry. About 5 million credit and debit card numbers were compromised as a result of security attacks carried out on the in-store point-of-sale systems in several Lord & Taylor, Saks Off 5th and Saks Fifth Avenue stores.Nordstrom, Amazon, Adidas, Macy’s and Bloomingdales, and Panera Bread have all reported significant breaches in the recent years.
More concerning is the fact that a number of these breaches went unrecognized or unaddressed for months. Panera Bread’s website had been leaking customer data for at least 8 months before the issue was resolved. But by this time, more than 37 customers’ personal information and last 4 digits of their credit cards had already been exposed. Alarmingly, the customer data was available on the site, in plain text, all this time.
Additional Retailers Coming out of Pocket
The actual cost of a data breach is often miscalculated and underestimated. In the past years, Home Depot underwent a data breach that exposed 40 million credit card numbers and about 52 million email addresses. Eventually, Home Depot agreed to pay $19.5 million to its customers and another $25 million to the financial institutions that were involved in the class action lawsuit against it. Another huge data breach occurring at Target compromised documents with 42 million credit and debit card numbers and personal information of about 61 million of its customers. Target had to pay $18.5 million to states and $10 million to the affected customers in settlement. No to forget the $9.8 million that Eddie Bauer will be paying in compensation to settle the class action lawsuit over a data breach.
The enormous sums of money still do not represent the actual cost of data breaches. It is the bad reputation and loss of customer trust that outweighs the monetary costs.
In Conclusion – Focus on Prevention and Detection
News of one data breach or another always seems to be around. Retailers must do all in their power to ensure that they don’t end up landing on one of those headlines. Retailers gather valuable customer information through loyalty programs and various other means. The responsibility of securely managing the data also lies on their shoulders. They should choose their technology partners wisely. Working with a compliant partner should be a priority for maintaining customer trust and loyalty. Carrying out comprehensive risk assessments, following standards, and awareness campaigns, trainings and workshops for employees are all very important aspects of dealing with the sophisticated threats lingering in today’s IT infrastructures.
Retailers should focus on prevention and detection, but they should progress with a basic assumption that data breaches are inevitable. Therefore, having a response strategy in place is crucial. The upfront cost of addressing data threats may seem like a lot, but in the long run, it can save companies from major financial and reputation loss.