Business

Cheung: Thwarting hackers should be major concern for companies in future

Last week, Target agreed to pay MasterCard $19 million following a 2013 data breach that affected 40 million credit and debit card users.

In an age where hackers are getting smarter and electronic payments are getting more popular, it should be retailers’ top priority to spend the extra money and fortify their data protection systems.

The Target lawsuit is the latest settlement in a string of data hacks in the past couple years, hitting companies like Jimmy John’s, Staples and Michaels. Last year, Home Depot had data from 56 million credit and debit cards stolen.

The trend even extends beyond credit and debit card information. The personal information of 76 million households was stolen from JPMorgan Chase, the nation’s largest bank when measured in assets. New York state even admitted that over the course of eight years, hackers stole the private records of 22.8 million New Yorkers. And the most notable hack as of late has been Sony, which lost over 47,000 social security numbers and countless emails and documents in a highly publicized mess that involved U.S.-North Korea relations and the Seth Rogen movie “The Interview.”

It’s hard to quantify the financial costs to a company for breaches like these because they often involve the theft of information, not tangible assets.



But as seen by the Target lawsuit, credit card companies do incur costs associated with issuing customers new cards and covering any fraudulent transactions made with the stolen data. Credit cards are hoping to pass those costs along to the breached retailers in court and getting some compensation.

In the case of Target, those costs added up to $19 million, although some banks seemed to think that those costs should have been much higher. But for a company with a market cap valuation of $51 billion, $19 million is a drop in the bucket. And the cost of Sony’s disastrous hack? The company estimates $35 million in losses to “restore financial and IT systems,” which is also a minor setback for a company that made $75 billion in revenue last year.

For the time being, it seems as if retailers are more concerned with coping with the costs than investing into future protection. In a message from Target CEO Gregg Steinhafel, the company emphasized that it was conducting a thorough investigation and provided free credit monitoring services to those impacted.

There were no mentions of any preventative actions to be taken in the future.

Investors don’t seem to be concerned with the risk of hacks either. In its most recent quarter, Target beat expectations on its earnings per share, and saw an increase in sales of over a billion dollars. These positive results have kept investors optimistic about Target, choosing to ignore the potential financial impacts of future hacks.

Hackers will get smarter and the stakes will get bigger. As the Sony hacks showed, customer information isn’t the only thing at risk — employee information is at risk as well. There will come a time when pressure from customers, employees and investors will increase the pressure to better security systems.

Until then, maybe we’re better off just using cash.

Brian Cheung is a senior broadcast and digital journalism and finance dual major. His column appears weekly. He can be reached at bkcheung@syr.edu and followed on Twitter @bcheungz.





Top Stories