Data breaches are becoming all too common in the retail and foodservice industries, as the technology becomes more accessible and credit cards become consumers' main form of payment. It seems no one is immune, with even the largest and most secure companies falling victim.
By 2020, more than 1.5 billion people, or roughly 1/4 of the world's population, will be affected by data breaches, according to predictions from International Data Corporation. In response to this, President Obama proposed The Personal Data Notification & Protection Act at the start of 2015, an attempt to create a uniform rule on data breaches. The law would give a company 30 days to let customers know if their personal information has been exposed. This is important because disclosing information about a breach early on is vital to maintaining positive customer relations. Additionally, the National Retail Federation called on Congress to "pass a strong and effective federal data breach notification law that applies to all entities that handle sensitive customer data" and establishes "a truly uniform nationwide standard."
However, these breaches are still occurring, sometimes with little transparency to customers. Most recently, Safeway announced the discovery of credit card skimmers at some of its stores in California and Colorado, releasing the information about a month after it was aware of the problem (which is in line with President Obama's proposal). It noted that the alleged skimming began in September, but was discovered in some stores in November. Other data breaches in 2015 included Wingstop restaurants, Natural Grocers by Vitamin Cottage, and Biggby Coffee.
Some businesses respond quickly and are able to control the breach before it gets too large, but in other cases, it can have quite a long lasting impact.
Take the case of Target Corp. Its 2013 data breach was huge, and it continued to affect the company's sales into 2015. Target was also required to pay $39.4 million to reimburse banks for losses it sustained following the breach, under the terms of a settlement in federal court. In a separate settlement with Visa Inc., it also agreed to reimburse thousands of financial institutions as much as $67 million and is working with MasterCard Inc. on a similar deal for its card issuers. To gain back customer trust Target has been investing heavily in security measures, as well as spending $1 billion to upgrade its technology and supply-chain infrastructure.
A data breach does not have to mean the end of a company, but it can be difficult to bounce back from. Keeping customers informed of a potential issue right from the beginning is an important way to stay ahead of the negative impact.