Target had big news for shoppers this past holiday season, and it wasn’t about a hot sale or the best deals of the year. The large discount retailer announced that it had experienced a tremendous data breach potentially involving 40 million of its customers. In the aftermath, Target faced a public relations and digital security nightmare that tarnished its otherwise fine reputation.
Malicious individuals penetrated Target’s electronic data storage systems, obtaining the personal details of its customers, from November 27 to December 15, 2013. Target’s handling of the situation was particularly inept: it stayed silent about the data leak until an independent researcher called attention to it. Three weeks after its initial announcement, the retailer issued a second statement that raised the number of affected customers to 70 million.
Computer security staff working on Target’s electronic systems had attempted to alert the retailer about potential vulnerabilities in those systems. A member of Target’s computer security team attempted to conduct a more thorough review of the retailer’s payment system but was unable to due to the busy Black Friday weekend.
On January 3, 2014, high-end retailer Neiman Marcus announced that it had also experienced a cyberattack during the holiday season. Once again, the breach came to light after an independent security researcher discovered that fraudulent charges on cards that had recently been used at a Neiman Marcus store. The retailer itself did not give specific information about the size or scope of the breach, but it confirmed that its defenses had indeed been compromised. However, Neiman Marcus has declined to comment on what concrete measures it is taking to ensure that its customer’s personal information will be secure in the future.
As businesses move to digital, they face ever greater risks of of security breaches. Identifying details such as passwords or credit card numbers could be maliciously used to commit identity theft and fraud. Security compromises undermine consumer confidence in companies that fail to protect sensitive information quickly dips–and rightly so. In an age when technology advances quickly, consumers grow ever more wary of technological risks to their security and privacy.
What can companies do to minimize the data breaches in the future? The ideal first step would be to test their own systems to see where they are vulnerable. A company could either contract external security firms to evaluate their systems periodically or could attempt to develop internal measures and processes to ensure the integrity of their digital security measures. However, it is much simpler for a firm to tackle these issues as they arise so the focus has been more on reacting to security breaches rather than preventing them from happening in the first place.
Since states have different laws regarding disclosure, the pace of investigation can easily drag on, as it has been in Target’s case. Members of Congress have called for a uniform federal standard governing how retailers must report data breaches. Senator Edward J. Markey of Massachusetts noted, “When a number equal to nearly one-fourth of America’s population is affected by a data breach, it is a serious concern that must be addressed.” Members of Congress, both in the Senate and the House of Representatives, are still debating the specifics of a legislative solution to the problem of consumer security and privacy.
Additionally, another measure that companies could pursue is the use of smart chips. An increasing number of consumers worldwide have access to the technology, which involves chips embedded in cards, and requires the input of a password to reduce fraud. However, the process of switching to this new technology will be fraught with complications and high costs, making retailers reluctant to adopt it.
The recent data breaches at Target and Neiman Marcus have exposed the personal information of millions of consumers and brought increased attention to the importance of cybersecurity. The integrity of security systems to protect this data is paramount as companies increasingly turn to digital solutions for storing this type of information. Companies have the ever-important responsibility of keeping both customer and employee information secure.
Ultimately, retailers have a lofty target to aim for: a higher standard of cybersecurity. Without it, consumers will hardly be eager to spend their hard-earned money in stores if they face the risk of their personal information being stolen.