While consumers weren't so freaked out over past data breaches at TJX Cos., Genesco Inc. or even Schnuck Markets, Target may be another story.
The theft of data from up to 40 million credit and debit cards used at Target's stores that began over Thanksgiving weekend became the lead story on most news broadcasts on Thursday. The grim reports urged consumers to check their credit cards for suspicious charges, call toll free numbers with concerns, and take down numerous tips to avoid identity theft.
For the security world, the surprise was the speed of the hacking. The infraction was carried out over 19 days, from the day before Thanksgiving to this past Sunday. The largest breach against a U.S retailer previously occurred at TJX Co., the parent of T.J. Maxx and Marshalls. Uncovered in 2007, TJX exposed some 45 million-card users to fraud but the theft took over 18 months. Security measures have been greatly enhanced since that time.
For Target, a small to extremely large bill is coming. It's still unknown how many customers were affected but TJX wound up paying $250 million in remediation expenses, settlements of bank claims, credit monitoring services for victims, legal fees and fines.
For all retailers as well as Target, it's unknown whether shoppers will become more hesitant to use credit and debit cards and derail what's left of the holiday season. A brief pullback could crush the final weeks before Christmas, and several reports heard shoppers vowing to use only cash this holiday.
Consumers apparently aren't liable but face the minor to major chore of cleaning up their credit accounts.
"Thank you Target for nearly costing me and my wife our identities, we will never shop or purchase anything in your store again," said one posting on Target's Facebook page.
"Shop at Target, become a target," remarked another. "Gee, thanks."
Target's REDcard private label debit and credit card, which provides a 5 percent discount on every purchase, has been a major loyalty driver and is tied to many programs. But the bigger issue for Target is its name being directly tied to the breach.
"All consumers will hear is that Target is not a safe place to use your credit card," said Carol Spieckerman, president of newmarketbuilders. "That impacts trust, which in turn can impact retail's fastest-growing and most trust-sensitive touch points: online and mobile."
Mark Bower, director of information protection solutions at Voltage Security, told RetailWire that with increasing adoption of point-to-point encryption, page encryption, and tokenization technologies to remove the cardholder data from retail and e-commerce systems, these kinds of data breaches will decline. But he said any data breach creates nervousness and can impact consumer confidence in retailers.
"Some may resort to cash or check, but with the continued growth in e-commerce, especially at this time of year, consumers don't have many choices," said Mr. Bower.
How big of an impact on remaining holiday sales do you expect from the Target data breach?