Target Brands Inc.’s recent high-profile data breach has certainly sparked lots of attention from both the press and the general public. The controversial breach occurred at its stores during 2013’s holiday shopping season, from November 27th until December 15th. It is reported that over a staggering 70 million customers were victims of the breach, having the vast majority of their personal information stolen. Target originally estimated that the number of victims was 40 million, but how wrong were they?
After reporting the breach, it will now be a long and expensive process for Target to regain its reputation (if it ever will, that is) and get to the bottom of why the breach happened in the first place. As well as the legal costs, a thorough investigation must be carried out to pinpoint the source of the breach, which may take a very long time.
Not only this, but Ross Federgreen, the founder of the data security firm that is CSR, said that data breach reporting usually costs retailers $10,000, at a minimum. It is the law that businesses must notify federal, state, local, and sometimes international agencies, whenever there is a breach. Although many small and middle-sized companies sweep breaches under the carpet’, Federgreen says that “failure to report is a big deal item” and includes “very serious dollars” in penalty fees. Large companies, like Target, can afford to have breach response teams, but small companies do not have this luxury. This highlights why breaches are often ignored within these types of businesses.
Despite this, breach reporting is still a big deal, and should never be avoided. With sky-high fees, class-action lawsuits, loss of sales and reputation, and, finally, possible criminal or civil prosecution, avoidance of reporting a breach is simply not worth it. Although a breach probably shouldn’t have occurred in the first place, they do happen, and companies should be prepared to deal with them if and when they do.
Apply for High-Risk Credit Card Processing Today!