Data breach implications, as seen first-hand by Target

In December 2013, Target, the American retail company, was hit by a cyber attack affecting up to 40 million card accounts and personal information from 70 million people.

Direct repercussions of Target’s data breach:

  • Costs in repairing the damage are said to be around $26 million.
  • Profits in the first quarter following the breach fell by 16%.
  • CEO Gregg Steinhafel, a 35-year company veteran, resigned in May.

Since suffering one of the biggest data breaches in retail history, Target has been struggling to recover its image. Sales in its US stores have decreased by 0.3%, driven by a falling number of transactions. As a result, Target is now cutting its prices in order to drive footfall to stores, even though it will affect profit margins further.

As a result of Target’s breach, US retailers launched the Retail Cyber Intelligence Sharing Center last month, which shares information and analyses data to help each other combat cybercrimes. American Eagle Outfitters, Gap, Nike, Safeway, and Walgreen are just a few of the retailers participating in this initiative. The US Department of Homeland Security, US Secret Service, and the FBI are also expected to take part in the initiative.

Global Information Security Director Ken Athanasiou from American Eagle commented:

“The reality is, cyber-criminals work non-stop and are becoming increasingly sophisticated in their methods of attack and by sharing information and leading practices and working together, the industry will be better positioned to combat these criminals.”

If your organization is concerned about the cyber security strategies you have in place, then IT Governance recommends implementing best practices as outlined in ISO27001, the international standard describing best practice for an Information Security Management System (ISMS). Recognized by organizations worldwide, this standard is acknowledged as path for taking relevant steps in making your organization cyber secure. ISO27001 enables you to pick the controls that best suit your business, stakeholder’s, and compliance requirements, and then manage them in a consistent and continuous way. The No 3 Comprehensive ISO27001 2013 ISMS Toolkit provides a complete solution to managing information by offering:

  • ISO27001:2013 ISMS Documentation Toolkit – pre-written documentation by ISO27001 consultants to save you months of work in preparing and maintaining the documentation for meeting compliance.
  • Complete set of ISO27001 Standards for guidance.
  • Supplementary books to aid you throughout implementation.
  • vsRisk automated risk assessment tool.

Find out more about the No 3 Comprehensive ISO27001 2013 ISMS Toolkit.

Whether some good has come out of Target’s breach is hard to say, but US retailers and security agencies coming together to share information and best practices can only be seen as a step in the right direction.

Source: USA Today, MarketWatch