You have reached your limit of free articles this month.

Enjoy unlimited access to

Starting at just 99¢ for 8 weeks.


  • ePAPER

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and interactive features. Starting at just 99c for 8 weeks.


Welcome to

Your source for Clark and Champaign counties’ hometown news. All readers have free access to a limited number of stories every month.

If you are a News-Sun subscriber, please take a moment to login for unlimited access.

Data breaches costly for retailers, customers

Security breaches at major retailers including Target and Neiman Marcus in which thieves stole payment card information from millions of customers could erode consumer confidence, and have costly and lasting effects for those companies, local retail experts said.

Target Corp. last week disclosed that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December.

WHAT YOU NEED TO KNOW: Timeline, victim info, how to get help

On Saturday, luxury retailer Neiman Marcus confirmed that hackers stole credit and debit card information from up to 1 million customers and made unauthorized charges over the 2013 holiday season.

It is unclear if Target customers saw unauthorized charges as a result of the breach.

“This is going to affect those retailers, especially Target, in a very negative way,” said Serdar Durmusoglu, a University of Dayton associate professor of marketing.

Area shoppers said they would continue to shop at Target, although personal and payment card information for up to 110 million customers was stolen in a pre-Christmas data breach. Minneapolis-based Target, the nation’s second-largest discount retailer, has 1,792 stores in the U.S.

“I’m not really too worried,” said Ann Mort of Middletown. “I’ve been to Target since then and used a credit card.”

Credit and debit card information from 40 million Target customers was taken during the breach that happened from Nov. 27 to Dec. 15. An internal investigation revealed that names, mailing addresses, phone numbers or email addresses for up to 70 Target million customers also may be at risk. Some overlap exists between the two groups, officials said.

Target officials said the breach was caused by malicious software, known as “malware,” that was installed on point-of-sale registers at its U.S. stores.

“It looks like something was clearly lacking in their software, that they weren’t able to detect this,” Durmusoglu said.

Beyond personal and payment card information, Target could have access to customers’ medical information through its pharmacies, and driver’s license data through liquor sales, he said.

Retailers use information systems to manage customer relationships, but databases containing lucrative consumer data are attractive targets for hackers and identity thieves, experts said.

According to the Privacy Rights Clearinghouse, more than 662 million records have been involved in data security breaches since 2005.

In 2007, more than 90 million records were stolen from TJX Cos. Inc., the parent company of T.J. Maxx and Marshalls. The incident cost the retail chain a reported $256 million.

“It took them some years to recover from it, not only with respect to customer trust, but with respect to paying for some of those credit cards being misused,” Durmosoglu said.

Consumers are protected against data breaches by federal and state law.

The Ohio Attorney General’s Office has enforcement authority over the state’s Security Breach Notification Act and violations under the Consumer Sales Practices Act.

“There is no relevant public legal action to discuss,” said Kate Hanson, a spokeswoman for the AG’s office.

The AG’s office also offers tips and assistance to Ohioans who suspect they have been victims of data breaches.

“Consumers should be vigilant in reviewing their credit card statements for mysterious or unfamiliar charges. If they find suspicious charges, they should contact their bank or credit card provider,” Hanson said.

JPMorgan Chase Bank last month temporarily limited 2 million potentially affected customers’ use of debit cards and Chase Liquid cards at ATMs and for purchases until new cards could be reissued, said Emily Smith, a Chase spokeswoman.

“We continue to monitor our customers’ accounts with sophisticated tools,” Smith said. “We encourage our customers to monitor their accounts and contact us if they see any transactions they don’t recognize. Electronic Benefit Transfer recipients should contact their agency and local authorities.”

Less than 10 percent of Chase’s customers were affected by the Target breach, she said.

The U.S. lacks strong federal laws regarding data breaches, leaving it for states to address, said Thaddeus Hoffmeister, a UD professor of law. “Some states, like California, have pretty good laws; other states, not so much,” he said.

Hoffmeister said Congress should establish national standards for reporting data breaches, as well as tougher penalties for companies whose information is accessed improperly.

Target has apologized and advised customers “they will have zero liability for the cost of any fraudulent charges arising from the breach.”

The company also said customers will have until April 30 to sign up for one year of free credit monitoring and identity theft protection for all guests who shopped in Target stores in the U.S.

Mort said customers received $5 gift cards last week at the Middletown Target. “I think they’re doing everything they can to keep their customers happy,” she said.

Retailers such as Target use store credit cards that offer discounts to build customer loyalty. However, consumers may refuse such cards in the future for fear that they aren’t secure, especially if they are tied to the customer’s bank account, Durmusoglu said.

Credit card companies including Visa, MasterCard, American Express and Discover reportedly plan to transition from magnetic strip payment cards to secure chipped Smart Card technology by October 2015. The Smart Cards are used in about 80 countries and contain an encrypted microchip, experts said.

Existing payment methods such as personal checks and cash also have their drawbacks, Durmusoglu said.

Checks typically contain personal information, including a name, mailing address and bank account number. Carrying cash isn’t convenient, “and depending on what kind of a neighborhood we’re talking about, it also may not be the safest way to go,” he said.

Reader Comments ...

Next Up in Business

Gmail phishing scam may lead users to give up login info
Gmail phishing scam may lead users to give up login info

A new phishing scam is allowing hackers to gain access to unsuspecting Gmail users' accounts and target their login credentials, according to recent reports. Mark Maunder, CEO of security service Wordfence, described the scam in detail in a blog post, adding that it is also targeting other services beyond Gmail. Tech Times reported that the scam involves...
Millennials spend more on coffee, save less for retirement
Millennials spend more on coffee, save less for retirement

A large number of Millennials spent more on coffee in the past year than they invested in their retirement savings, according to a new study. » RELATED: What makes Millennials tick in the workplace? It may surprise you About 41 percent of the Millennials — ages 18 to 35 — admitted to spending more on coffee than they saved for retirement...
Some worry over impact from health care law repeal
Some worry over impact from health care law repeal

The U.S. House of Representatives on Friday joined the U.S. Senate in passing a budget reconciliation measure that would allow Congress to de-fund key elements of the Affordable Care Act, including tax credit subsidies and federal funding for Medicaid expansion in states like Ohio. While some are rejoicing over the move, replacing President Obama&rsquo...
Will Obamacare repeal leave people in the lurch?
Will Obamacare repeal leave people in the lurch?

As Congress moves forward on a resolution to repeal the Affordable Care Act, experts have warned such a measure could crash the law’s commercial insurance program, jeopardizing coverage for 11.5 million Americans, including more than 230,000 Ohioans. But local industry leaders remain hopeful that congressional Republicans — who are leading...
Holiday retail sales up, but some stores suffering
Holiday retail sales up, but some stores suffering

Retail sales hit about $658 billion for the holiday season, but several chain retailers still announced the closures of hundreds of unprofitable brick-and-mortar stores in January — including several stores locally. “These numbers show that the nation’s slow-but-steady economic recovery is picking up speed and that consumers feel...
More Stories