You have reached your limit of free articles this month.

Enjoy unlimited access to

Starting at just 99¢ for 8 weeks.


  • ePAPER

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and interactive features. Starting at just 99c for 8 weeks.


Welcome to

Your source for Clark and Champaign counties’ hometown news. All readers have free access to a limited number of stories every month.

If you are a News-Sun subscriber, please take a moment to login for unlimited access.

Data breaches costly for retailers, customers

Security breaches at major retailers including Target and Neiman Marcus in which thieves stole payment card information from millions of customers could erode consumer confidence, and have costly and lasting effects for those companies, local retail experts said.

Target Corp. last week disclosed that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December.

WHAT YOU NEED TO KNOW: Timeline, victim info, how to get help

On Saturday, luxury retailer Neiman Marcus confirmed that hackers stole credit and debit card information from up to 1 million customers and made unauthorized charges over the 2013 holiday season.

It is unclear if Target customers saw unauthorized charges as a result of the breach.

“This is going to affect those retailers, especially Target, in a very negative way,” said Serdar Durmusoglu, a University of Dayton associate professor of marketing.

Area shoppers said they would continue to shop at Target, although personal and payment card information for up to 110 million customers was stolen in a pre-Christmas data breach. Minneapolis-based Target, the nation’s second-largest discount retailer, has 1,792 stores in the U.S.

“I’m not really too worried,” said Ann Mort of Middletown. “I’ve been to Target since then and used a credit card.”

Credit and debit card information from 40 million Target customers was taken during the breach that happened from Nov. 27 to Dec. 15. An internal investigation revealed that names, mailing addresses, phone numbers or email addresses for up to 70 Target million customers also may be at risk. Some overlap exists between the two groups, officials said.

Target officials said the breach was caused by malicious software, known as “malware,” that was installed on point-of-sale registers at its U.S. stores.

“It looks like something was clearly lacking in their software, that they weren’t able to detect this,” Durmusoglu said.

Beyond personal and payment card information, Target could have access to customers’ medical information through its pharmacies, and driver’s license data through liquor sales, he said.

Retailers use information systems to manage customer relationships, but databases containing lucrative consumer data are attractive targets for hackers and identity thieves, experts said.

According to the Privacy Rights Clearinghouse, more than 662 million records have been involved in data security breaches since 2005.

In 2007, more than 90 million records were stolen from TJX Cos. Inc., the parent company of T.J. Maxx and Marshalls. The incident cost the retail chain a reported $256 million.

“It took them some years to recover from it, not only with respect to customer trust, but with respect to paying for some of those credit cards being misused,” Durmosoglu said.

Consumers are protected against data breaches by federal and state law.

The Ohio Attorney General’s Office has enforcement authority over the state’s Security Breach Notification Act and violations under the Consumer Sales Practices Act.

“There is no relevant public legal action to discuss,” said Kate Hanson, a spokeswoman for the AG’s office.

The AG’s office also offers tips and assistance to Ohioans who suspect they have been victims of data breaches.

“Consumers should be vigilant in reviewing their credit card statements for mysterious or unfamiliar charges. If they find suspicious charges, they should contact their bank or credit card provider,” Hanson said.

JPMorgan Chase Bank last month temporarily limited 2 million potentially affected customers’ use of debit cards and Chase Liquid cards at ATMs and for purchases until new cards could be reissued, said Emily Smith, a Chase spokeswoman.

“We continue to monitor our customers’ accounts with sophisticated tools,” Smith said. “We encourage our customers to monitor their accounts and contact us if they see any transactions they don’t recognize. Electronic Benefit Transfer recipients should contact their agency and local authorities.”

Less than 10 percent of Chase’s customers were affected by the Target breach, she said.

The U.S. lacks strong federal laws regarding data breaches, leaving it for states to address, said Thaddeus Hoffmeister, a UD professor of law. “Some states, like California, have pretty good laws; other states, not so much,” he said.

Hoffmeister said Congress should establish national standards for reporting data breaches, as well as tougher penalties for companies whose information is accessed improperly.

Target has apologized and advised customers “they will have zero liability for the cost of any fraudulent charges arising from the breach.”

The company also said customers will have until April 30 to sign up for one year of free credit monitoring and identity theft protection for all guests who shopped in Target stores in the U.S.

Mort said customers received $5 gift cards last week at the Middletown Target. “I think they’re doing everything they can to keep their customers happy,” she said.

Retailers such as Target use store credit cards that offer discounts to build customer loyalty. However, consumers may refuse such cards in the future for fear that they aren’t secure, especially if they are tied to the customer’s bank account, Durmusoglu said.

Credit card companies including Visa, MasterCard, American Express and Discover reportedly plan to transition from magnetic strip payment cards to secure chipped Smart Card technology by October 2015. The Smart Cards are used in about 80 countries and contain an encrypted microchip, experts said.

Existing payment methods such as personal checks and cash also have their drawbacks, Durmusoglu said.

Checks typically contain personal information, including a name, mailing address and bank account number. Carrying cash isn’t convenient, “and depending on what kind of a neighborhood we’re talking about, it also may not be the safest way to go,” he said.

Reader Comments ...

Next Up in Business

INSIDE LOOK: Nearly $1M home for sale near Piqua
INSIDE LOOK: Nearly $1M home for sale near Piqua

A custom-built home on U.S. 36 near Piqua is for sale for more nearly $1 million. The custom two-story home is located at 1538 E. U.S. 36 outside Piqua in Miami County and is listed for sale by Coldwell Banker at $949,900. The house has 8,500 square feet of living space, with five bedrooms, five full baths, 3 half baths, 3 fireplaces, study, media...
Nordstrom selling work jeans covered in fake mud for $425
Nordstrom selling work jeans covered in fake mud for $425

  After it was ridiculed for selling designer rocks at Christmas, Nordstrom may have topped itself with its latest offer. The department store is offering a pair of jean covered in fake mud for a whopping $425. The retailer described its new Barracuda Straight Leg Jeans on its website as "rugged Americana workwear that's seen some...
STORE CLOSINGS: Sears to close 50 auto centers
STORE CLOSINGS: Sears to close 50 auto centers

Sears Holdings is set to close 50 Auto Center locations, the company announced. Sears updated investors last week on its strategic restructuring program, stating the company aimed to save $1.25 billion through some store closures in 2017. The company already announced it would close 108 Kmart stores and 42 Sears locations. » RETAIL APOCALYPSE...
Two area health systems named Top 15 in nation
Two area health systems named Top 15 in nation

Kettering Health Network and Mercy Health have been named two of the Top 15 health systems in the nation by the international business research firm Truven Health Analytics. It’s the fifth appearance on the Top 15 list for the Dayton-based Kettering system, comprised of eight hospitals, including Kettering Medical Center, Fort Hamilton, Soin...
675 Ohioans complained about mortgage servicer sued by feds
675 Ohioans complained about mortgage servicer sued by feds

State and federal authorities have sued mortgage servicer Ocwen Financial Corp., saying the company botched the handling of millions of mortgage accounts, including 675 Ohio complaints. The Consumer Financial Protection Bureau said Thursday that the accounts Ocwen serviced were riddled with errors throughout the repayment process. It said the company...
More Stories