Target, other retailers sorry about data breaches but somehow they just keep happening

Email  Print Print  

Target data breach just more of the same for consumers

This week I got an electronic mail from Target containing some sad news.

Addressed with maximum sincerity to “Dear Target Guest,” (I always get a warm fuzzy feeling when they call me that) the email notified me that in addition to the theft of 40 million customers’ payment information reported in December, thieves had also gained access to the personal information of 70 million customers, including our names, mailing addresses, phone numbers, email addresses and maybe other stuff.

Because they couldn’t find a card at Hallmark for “Sorry we lost all your data and exposed you to the chance of catastrophic fraud,” Target is offering us free Experian identity theft insurance and credit monitoring, worth $191.40 if we were to buy it on our own. Fortunately, the free ID theft services will last a year, so that will give me plenty of time to change my name, move, get a new phone number and otherwise cover my tracks so identity thieves don’t get a credit card in my name and max it out on leather bustiers after the services run out.

Yes, despite the heartfelt apologies and full page newspaper ads, this data breach, like others that regularly occur at the nation’s retailers, will almost certainly have some really annoying and potentially disastrous effects for consumers.

Target data breach email

Full extent of damage still unknown

Fortunately for everyone’s favorite highfalutin big box store, the PIN numbers stolen by the thieves in the Target data breach were encrypted, offering some hope that criminals won’t be able to print out their own personal copies of your debit and credit cards and use them to withdraw cash directly from ATMs, says Susan Grant, director of consumer protection for the Consumer Federation of America.

Even if criminals do manage to crack the payment details, it’s not the end of the world, she says.

“In this case I think that the chances of consumers actually losing money, at least through the initial breach, are probably fairly slim because most of the credit and debit cards issuers have zero liability policies,” Grant says. “Of course if it’s debit, you’re going to have to wait to get the money re-credited to your account. But it’s a hassle.”

What’s next for victims

The theft of customers’ personal information may end up having the larger impact in the long run. Many customers will likely be besieged with emails and other communications from scammers armed with the stolen personal details looking to grab their Social Security numbers and other “out of wallet” information, a practice known as “phishing.”

A 2013 study by Javelin Strategy and Research found that 22.5 percent of consumers who had been notified they were victims of a data breach in 2012 had also been victims of identity theft, versus just 5.3 percent for the general population.

Ironically, Target’s efforts to help victims may actually provide an opening for phishing attacks, Grant says.

“The ID theft service that Target has hired will undoubtedly be asking people for their Social Security Numbers in order to monitor their credit records,” Grant says. “So it becomes really hard for consumers to be able to tell what’s a legitimate message that they’ve gotten, or call or letter, and what’s a scam.”

If contacted by an entity claiming to be their bank or the retailer, instead of replying, consumers should attempt to contact them directly through a verified customer service number or email address, Grant says.

So far, Target has been telling victims they don’t need to worry about changing their account numbers or debit cards. But if you did make any debit card or credit card purchases at Target between Nov. 27 and Dec. 15, you may want to consider doing so just to avoid having to deal with fraudulent debit card or credit card purchases later on, Grant says.

The problem with the typical post-breach playbook

Target is hardly the first retailer that’s had an incident like this. Big retailers — including T.J. Maxx and Neiman Marcus — have also had major incidents, as have plenty of non-retailers, including Sony, the U.S. military and Adobe Systems.

But doing things like buying victims a year of free ID theft protection are great and all, but they’re more of a PR move than a solution to the problem. Once that information is out there on the dark net, there’s no way to get it back, and in an era when companies are collecting and storing more information about customers than ever (“Big Data” is everyone’s favorite buzzword these days), that’s disconcerting.

In fact, among retailers, Target is renowned for its ability to collect and analyze personal data on customers, famously figuring out a Minneapolis teenager was pregnant even before her father did.

“There’s lots of advice for consumers about securing their own computers against hackers, but when your information is in somebody else’s hands, you’ve got no control over that,” Grant says. “Target needs to do a better job of securing people’s data.”

Target has already pledged to invest $5 million in a corporate coalition dedicated to cybersecurity (for some perspective on that amount, understand that Target’s total revenue for 2012 alone was $73 billion).
But even when they invest meaningful sums of money on beefing up their security, it seems unlikely corporations will be able to prevent further breaches from happening. As long as those massive databases exist, they’ll be a ripe target for thieves.

“Really skilled con artists want to know as much as they can about somebody in order to tailor a pitch to them, just the way legitimate advertisers are making the argument that they want more information about people in order to personalize offers,” Grant says. “That’s equally useful to scammers.”

Cutting back on the customer data they store seems like one way retailers could minimize the impact of breaches on consumers — after all, thieves can’t steal something they don’t have.

But that seems unlikely. Ultimately, the potential profits from being able to do things like send a sales pitch for baby formula to expectant mothers just as they hit the second trimester probably far exceed whatever costs Target and other retailers incur from data breaches. That’s especially true because the costs for these incidents will be borne by consumers. In other words, the occasional massive wave of fraud is just the price we all pay for the joy of receiving targeted advertising.

That’s why, despite all the heartfelt apologies from CEOs and free credit monitoring and PR spinning and pledges to improve security that happen in the wake of data breaches, they’re likely to keep happening. The only thing consumers can really do is be vigilant for scams and try to limit the amount of data they hand out to retailers through tactics like feeding them “Jenny’s Number.”

What do you think? Did you get an email from Target? Have you ever been a victim of a data breach?

{ 7 comments, please add your thoughts now! }

Related Posts

RSS Subscribe Like this article? Get all the latest articles sent to your email for free every day. Enter your email address and click "Subscribe." Your email will only be used for this daily subscription and you can unsubscribe anytime.

7 Responses to “Target, other retailers sorry about data breaches but somehow they just keep happening”

  1. jeffbone says:

    Lessons Learned:

    1. Never use debit cards
    2. Never register for store loyalty programs

    The second-order effect of this incident is going to be a hit on retailers’ “Big Data”, as more consumers implement lessons #1 and 2 above.

  2. Patricia says:

    I agree with Jeff as to number one. 1. Use credit cards 2. Check statements regularly – credit cards and bank accounts Keep receipts and compare them to your statements. 3. Check credit reports – it is free at least once a year 4. If anything looks amiss, reach out immediately to resolve the issue. 5. Place a fraud alert on your account – you need to answer more questions when applying for credit; however, it makes it more difficult for fraudsters as well.

  3. Meagan says:

    I got one of those letters too! So annoying how they don’t really care about your personal data until it’s already been stolen. There seems to be a very thin line between advertising and scamming.

  4. ChrisCD says:

    I know I use my debit card too often, but I am just not disciplined enough to use a credit card and pay it off.

    I suppose using pre-paid/loaded cards would minimize some of that, but most of those I have seen have some sort of charge. Of course you still have to use something to load them.

    And E-Statements are great for the banks and all, but since it doesn’t come in the mail I have to remember to go look at them.

    I just need to create some better habits.
    cd :O)

  5. John C says:

    Another thing worth adding is that even if the vast majority of consumers have “zero-liability” policies with their card transactions, someone will have to pay for the fraudulent transactions that are bound to happen. This will be long be sorted out in court, and the banks and Target will likely share liability, but in the end they’ll recover their losses by increasing prices, increasing/adding bank fees, etc.

    This will hurt the consumer in the long run by AS MUCH, if not more, as the fraud ends up costing those covering our liability… think dollars stolen, legal fees, and everything. Similar to pollution, corporations will benefit from the inconveniences bestowed upon consumers and, peripherally, the general public.

  6. Tim Hawkins says:

    Why isn’t Target being held accountable to Visa’s CISP requirements like all other businesses?

    Ref: http://usa.visa.com/merchants/risk_management/cisp_overview.html

Please Leave a Reply
Bargaineering Comment Policy

Previous Article: «
Next Article: »
Advertising Disclosure: Bargaineering may be compensated in exchange for featured placement of certain sponsored products and services, or your clicking on links posted on this website.
About | Contact Me | Privacy Policy/Your California Privacy Rights | Terms of Use | Press
Copyright © 2016 by www.Bargaineering.com. All rights reserved.