breaking news

Report: LeBron James ‘100 percent’ leaving Cavs in 2018

Data breaches costly for retailers, customers

Security breaches at major retailers including Target and Neiman Marcus in which thieves stole payment card information from millions of customers could erode consumer confidence, and have costly and lasting effects for those companies, local retail experts said.

Target Corp. last week disclosed that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December.

WHAT YOU NEED TO KNOW: Timeline, victim info, how to get help

On Saturday, luxury retailer Neiman Marcus confirmed that hackers stole credit and debit card information from up to 1 million customers and made unauthorized charges over the 2013 holiday season.

It is unclear if Target customers saw unauthorized charges as a result of the breach.

“This is going to affect those retailers, especially Target, in a very negative way,” said Serdar Durmusoglu, a University of Dayton associate professor of marketing.

Area shoppers said they would continue to shop at Target, although personal and payment card information for up to 110 million customers was stolen in a pre-Christmas data breach. Minneapolis-based Target, the nation’s second-largest discount retailer, has 1,792 stores in the U.S.

“I’m not really too worried,” said Ann Mort of Middletown. “I’ve been to Target since then and used a credit card.”

Credit and debit card information from 40 million Target customers was taken during the breach that happened from Nov. 27 to Dec. 15. An internal investigation revealed that names, mailing addresses, phone numbers or email addresses for up to 70 Target million customers also may be at risk. Some overlap exists between the two groups, officials said.

Target officials said the breach was caused by malicious software, known as “malware,” that was installed on point-of-sale registers at its U.S. stores.

“It looks like something was clearly lacking in their software, that they weren’t able to detect this,” Durmusoglu said.

Beyond personal and payment card information, Target could have access to customers’ medical information through its pharmacies, and driver’s license data through liquor sales, he said.

Retailers use information systems to manage customer relationships, but databases containing lucrative consumer data are attractive targets for hackers and identity thieves, experts said.

According to the Privacy Rights Clearinghouse, more than 662 million records have been involved in data security breaches since 2005.

In 2007, more than 90 million records were stolen from TJX Cos. Inc., the parent company of T.J. Maxx and Marshalls. The incident cost the retail chain a reported $256 million.

“It took them some years to recover from it, not only with respect to customer trust, but with respect to paying for some of those credit cards being misused,” Durmosoglu said.

Consumers are protected against data breaches by federal and state law.

The Ohio Attorney General’s Office has enforcement authority over the state’s Security Breach Notification Act and violations under the Consumer Sales Practices Act.

“There is no relevant public legal action to discuss,” said Kate Hanson, a spokeswoman for the AG’s office.

The AG’s office also offers tips and assistance to Ohioans who suspect they have been victims of data breaches.

“Consumers should be vigilant in reviewing their credit card statements for mysterious or unfamiliar charges. If they find suspicious charges, they should contact their bank or credit card provider,” Hanson said.

JPMorgan Chase Bank last month temporarily limited 2 million potentially affected customers’ use of debit cards and Chase Liquid cards at ATMs and for purchases until new cards could be reissued, said Emily Smith, a Chase spokeswoman.

“We continue to monitor our customers’ accounts with sophisticated tools,” Smith said. “We encourage our customers to monitor their accounts and contact us if they see any transactions they don’t recognize. Electronic Benefit Transfer recipients should contact their agency and local authorities.”

Less than 10 percent of Chase’s customers were affected by the Target breach, she said.

The U.S. lacks strong federal laws regarding data breaches, leaving it for states to address, said Thaddeus Hoffmeister, a UD professor of law. “Some states, like California, have pretty good laws; other states, not so much,” he said.

Hoffmeister said Congress should establish national standards for reporting data breaches, as well as tougher penalties for companies whose information is accessed improperly.

Target has apologized and advised customers “they will have zero liability for the cost of any fraudulent charges arising from the breach.”

The company also said customers will have until April 30 to sign up for one year of free credit monitoring and identity theft protection for all guests who shopped in Target stores in the U.S.

Mort said customers received $5 gift cards last week at the Middletown Target. “I think they’re doing everything they can to keep their customers happy,” she said.

Retailers such as Target use store credit cards that offer discounts to build customer loyalty. However, consumers may refuse such cards in the future for fear that they aren’t secure, especially if they are tied to the customer’s bank account, Durmusoglu said.

Credit card companies including Visa, MasterCard, American Express and Discover reportedly plan to transition from magnetic strip payment cards to secure chipped Smart Card technology by October 2015. The Smart Cards are used in about 80 countries and contain an encrypted microchip, experts said.

Existing payment methods such as personal checks and cash also have their drawbacks, Durmusoglu said.

Checks typically contain personal information, including a name, mailing address and bank account number. Carrying cash isn’t convenient, “and depending on what kind of a neighborhood we’re talking about, it also may not be the safest way to go,” he said.

Reader Comments ...

Next Up in Business

Sweepstakes scam drains older couple’s life savings
Sweepstakes scam drains older couple’s life savings

An older couple from West Liberty is out tens of thousands of dollars after falling prey to a telephone sweepstakes scam.  The Logan County husband and wife, who wish to remain anonymous, paid a total of $48,000 to a company that goes by the name Consumer Protection Bureau, which offered in return a cash prize of $600,000, according to a release...
Target discontinues popular brands, but sees increase in sales
Target discontinues popular brands, but sees increase in sales

Target Corp. has announced several changes including store redesigns and discontinuing some of its popular clothing brands, and the changes seem to be working in the retailer’s favor. The chain store increased its comparable sales and traffic growth, according to its second quarter earnings report. Second quarter comparable sales increased about...
3 reasons Facebook chose to build its $750M data center in Ohio
3 reasons Facebook chose to build its $750M data center in Ohio

Facebook plans to develop a $750 million data center in New Albany near Columbus, the social media giant announced on Tuesday. Ohio Gov. John Kasich and the social media company announced Facebook will build its 10th data center in New Albany, which is just northeast of Columbus. Kasich said the announcement is “further proof that Ohio is earning...
Trump attacks Amazon on Twitter again. Here’s why.
Trump attacks Amazon on Twitter again. Here’s why.

U.S. President Donald Trump criticized online retail giant on Twitter again, saying the company is “doing great damage to tax paying retailers.” Trump often criticixes the company and CEO Jeff Bezos, who owns The Washington Post. Trump tweeted that “towns, cities and states throughout the U.S. are being hurt - many jobs...
Air Force testing light-attack plane
Air Force testing light-attack plane

Four planes are in a dogfight of sorts over the skies of the New Mexico desert this month in the hope that one company will land a future lucrative Air Force contract for a light-attack plane. Air Force officials say the flights are part of a $6 million experiment and not a competition. The Air Force Strategic Development Planning and Experimentation...
More Stories