DATA BREACH FATIGUE

Cybercriminals from Russia hack into a hotel chain’s computer network.  Stolen credit card numbers are sold on websites. Personal information is obtained from a popular restaurant chain. Almost on a weekly basis, we hear of a new data security breach even larger than the last.

This past week, JP Morgan revealed that customer names, addresses, phone numbers, and email addresses for 76 million households had been obtained through unauthorized access to their network. Home Depot confirmed a six-month breach of its payment system that affected at least 53 million credit and debit cards.

How has this affected business? 

Target saw retail sales drop just after the massive data security breach last year.  Costs incurred by Target related to the breach—including the cost of investigating the data breach, providing credit monitoring services to customers, and notifying customers, as well as fees for legal, computer forensics, technology consulting and other professional services—may exceed $148 million. Civil litigation, government investigations, and enforcement proceedings may add to these costs. Target’s stock price took a hit and key Target executives lost their jobs. Clearly, a data security breach can be an expensive lesson for any business.

But what about the customers?  Shoppers have returned to Target. And despite being hit by two of the largest data security breaches ever seen in the retail and banking industries, Home Depot and JP Morgan have not experienced the same negative impact on their stock or retail sales as Target.  

According to the Identity Theft Resource Center, there have already been 579 data breaches within the last year.  Target. Jimmy John’s. PF Chang’s. Neiman Marcus. Michaels. SuperValu. Home Depot. JP Morgan. Consumers may just be tired of hearing, almost on a weekly basis, about the latest and greatest data breach. Chalk it up to data breach fatigue. Here we go again—another massive data breach. 

Consumers may now simply accept these data breaches as unavoidable. And what harm is there to the consumer?  According to the Fair Credit Billing Act, consumers are not on the hook for fraudulent charges or liable for unauthorized purchases made with a stolen credit card. Throw in the free credit monitoring services offered by businesses affected by breaches and consumer response may be like the old Alfred E. Neuman adage: “What, Me Worry?“

So if you are a consumer, get ready for the next big data breach, but check out those sales and shop where you get the best deals. If you run a business, make sure that you are prepared: you must still take these data breach and security threats very seriously. They can be very costly. Just ask Target. 

For guidance on how a business can prepare for a data breach, read pages 121-138 in A Legal Guide to Privacy and Data Security.