Consumer-targeted data breaches have been the norm in recent days. It all started with small breaches in several major companies including; Choicepoint, LinkedIn, TJ Max, Twitter, and the Adobe Systems. Today, we see millions of records being lost in single breaches (Target, Kickstarter, the Sands Casino, White Lodging, and Neiman Marcus come to mind). In each of these cyber attacks, the hackers were not primarily after the companies’ intellectual property or trade secrets; they were hunting consumer records. That’s right, they were after your information because it promises even more returns.
It has been widely reported that Target has lost about $240 million so far in the infamous breach. Sources suggest that this amount excludes the fraudulent charges individual consumers had to fight. Additionally, the said cost was split among a significant number of financial institutions whose customers were affected. Nevertheless, Target insisted that it would only lose 2-6 percent of annual revenue, and only inside the first quarter.
Perhaps this is the reason data breaches will not go away any soon. Apparently, the involved companies aren’t losing so much money. What this means is that they can usually bounce back pretty fast. In the absence of stricter laws forcing them to better protect your information, they just aren’t losing enough money to force their hand.
Meanwhile, we – the consumers – will end up with a heavier burden as we are the same ones who have to pay to offset the losses incurred by these companies. We end up paying higher account fees while getting lower service levels so that the companies can recoup the lost money.
The situation would have been totally different if we had better laws that forced companies to show more urgency in protecting customer information. But as it appears, those laws aren’t coming any soon.
Even worse is the fact that the government appears completely toothless when dealing with the matter. Recently, the White House released a statement regarding the ongoing cyber-security issue. Interestingly, instead of addressing the matter full-force, the statement was more of a reminder to the affected companies about the potential impact of a breach to the companies’ goals. Surely, these people know that data breaches are costly. The only reason they aren’t really worried is because they can always offset the losses by “requesting” the consumer to pay more.
If someone can’t force these companies to rethink their strategies, data breaches won’t be going away any soon. For merchants, maybe this is another good reason you need to get a high risk merchant account.