Target breach to cost retailer millions

Data breach that enabled hackers to get hold of millions of customer credit card details will cost Target

Have a conversation about data breaches and the same word always crops up as 'Target' is referenced as a recent and large scale example of just what can go wrong when the security is not in place to protect information.

Now along with quoting the retailers name and referencing the breach, which took place in December 2013 and impacted millions of customers who had credit card details stolen, resellers can also chuck in the sum of $10m.

Target has been ordered to pay $10m (£6.74m) to those customers that were hit by the breach with each claimant getting up to a possible $10,000 in damages.

On top of those charges the US retailer will also have to take steps to demonstrate that it has improved and implemented more robust security measures to prevent the problem reoccuring.

An incident like the Target breach provides plenty of grist for the security channel's mill but up until this point has largely been about the cost of reputation as the firm gets name checked globally for all the wrong reasons.

The introduction of a settlement fee, which Target has not contested, is perhaps of more concern to those firms that continue to ride their luck with data security hoping not to fall victim to a breach.

The scale of the potential problem in the UK was laid bare earlier this week when Experian research revealed that 34% of UK firms did not have a data breach response plan.

Even those that did had fairly limited plans that often failed to include crisis communication elements and a legal support element that could be of use given the potential fines that might come later on.

“The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus minimising the impact on their customers," said Amir Goshtai, managing director, Affinity Experian Consumer Services.

In a recent guide to improving data security Ian Kilpatrick, chairman of Wick Hill, stated that the issue was very much under the spotlight because of some of the high profile cases.

"Starting from the premise that, as all the high profile cases have shown (and the significantly greater number of unreported failures), it is now not possible to guarantee defence against data breach. However, it is still possible to defend critical data against breach, if that data is identified and defended," he said.

"There’s no rocket science here.  Just a review and reappraisal, from a business perspective, of what our goals are and what is important, coupled with a desire, through defence and training, to protect it," he added.

Read more on Data Protection Services