Data Breaches, Data Breaches Everywhere
The payments industry is constantly evolving. In the past five years dozens of new payment systems have been developed. Unfortunately, crime evolves just as quickly, leading to highly publicized incidents such as the recent data breaches at Home Depot and Target.
This series is designed to educate merchants that are accepting credit cards, and make sure that small and local business data security is not overlooked. Local businesses are not protected by corporate firewalls, private security firms, nor monitored by the Department of Justice – it’s up to independent merchant services providers to inform merchants of the risks and how to reduce them.
Part one will focus on the largest and most publicized data breaches on large businesses across the country in 2013.
Part two will provide information about policies and regulations, prevention details, and best practices for merchants to protect their security and their customer’s information.
Part three will cover the Choice Merchant Solutions EMV Readiness Program – including the benefits of processing with Choice, the limited-time incentives for early sign-up, and the best way to spread the word about EMV.
Part 1: The largest data breaches of 2013.
The data breach into Target Corporation’s system took place during late 2013. It started the day before Thanksgiving, and continuing until the 15th of December – the peak of the holiday shopping season. About 110 million customers were affected, including 40 million unique compromised cards.
As of August, Target estimates that the overall cost of the data breach is $148 million. In response, the company has accelerated its plans to spend $100 million investing in new technology in order to decrease the possibility of a repeat incident and ease consumers fears.
PF Chang’s China Bistro
National restaurant chain PF Chang’s suffered a similar breach, which started in October 2013 and continued until June 2014. While the length of the breach was longer, the amount of information compromised was lower due to the size of the company – although conclusive statistics were not published.
The cost of the breach is still unknown, despite affecting 33 locations across 18 states. In response, the chain switched to using carbon slips to process credit and debit cards – exchanging digital security for human error – in lieu of using built-in point of sale systems.
Luxury department store Neiman Marcus was compromised mid-July 2013, and the breach continued until late October. Originally, NM declared that approximately 1.1 million customers were effected, but later revised that estimate to 350,000. In mid-June, it was confirmed that about 9,200 unique cards were used fraudulently.
While the Neiman Marcus data breach had considerably less reach, the response by the company has been similar to the reactions of larger companies. The company has offered credit monitoring and identify theft services to anyone who made purchases at the chain in 2013.
2013 was a record year for data breaches – over 800 million customer records were compromised. While there were approximately 1000 fewer incidents in 2013 than the prior year, there were over three times as many records exposed. Hackers are getting better, more sophisticated, and focusing their efforts.
These three events show the spectrum of data breaches – there is no criteria that makes a company more appealing for an intrusion. Retailers such as Michael’s and Aldi’s have also been affected. Software provider Adobe Systems was the victim of the largest data breach in history, with approximately 152 million records exposed – including credit and debit card information.