General

Data Breach at Target Corporation

Written by Ruth Owojaiye · 2 min read >

At one of our Analysis of Business Problems classes, we reviewed the case of Target Corporation, a well-known retail company headquartered in the United States (US) with a chain of department stores which quickly developed a brand for dependable merchandise and a spirit of giving. It also ventured into Canada with the hope of replicating its operations there.  The Corporation faced numerous business challenges including fierce competition in both the US and Canada (especially its e-commerce) and in the US suffered a data breach in 2013, resulting in the theft of personal and payment information of millions of customers.

I will focus on the impact of the data breach side of the case study. 

In today’s world, where people’s privacy is violated with sometimes no penalties, and victims suffer financial and personal losses due to the handlers of such data’s negligence, the handling of personal data by businesses has become a significant problem.  For a number of reasons, it’s crucial to properly manage customers’ personal data:

  • Privacy Protection: Customers have a right to privacy, and personal information should be handled responsibly and securely to uphold those rights. Personal data contains details that clients offer to businesses, such as names, addresses, phone numbers, email addresses, financial information, and other sensitive data. The protection of customers’ privacy is ensured through the management of personal data, which helps prevent illegal access, use, or disclosure of such information.
  • Trust and Confidence: For any business to succeed, developing and upholding consumer trust and confidence is critical. Customers anticipate that when they give their personal information to a company, it will be managed securely and used solely for those purposes for which it was originally intended. Failure to protect personal data may lead to security incidents such as breaches, data leaks, identity theft, and others that could damage customer confidence. On the other hand, businesses that manage personal data responsibly can gain the trust of their clients, fostering client loyalty, repeat business, and favorable word-of-mouth recommendations.
  • Compliance with Laws and Regulations: Many countries have implemented rules and regulations that control the acquisition, use, and protection of personal data. These laws, which include the General Data Protection Regulation in the European Union, the Payment Card Industry Data Security Standard in the United States, and other industry-specific standards, must be followed by organizations. The organization’s reputation may suffer as well as heavy fines, penalties, and legal obligations if these laws are breached.
  • Business Reputation and Competitive Advantage: Organizations’ reputation and competitive advantage may be impacted by how they handle personal data. A data breach or improper treatment of personal data may lead to bad press, harm to the organization’s reputation, and a decline in sales. By developing a reputation as a dependable and trustworthy steward of consumer information, firms that emphasize the protection of personal data and exhibit appropriate data management techniques can, on the other hand, earn a competitive edge.
  • Customer Expectations: Customers are increasingly concerned about how their personal data is gathered, used, and protected. They demand that businesses be open and honest about their data practices, secure data from unauthorized access and breaches, acquire valid authorization before collecting data, and use it exclusively for the purposes for which it was intended. Businesses that meet or surpass these consumer expectations are more likely to draw in new clients and keep existing ones, whilst those that fall short risk losing clients and customer satisfaction.

With respect to Target Corporation, causes of the data breach at Target Corporation included:

  1. Cybersecurity Vulnerabilities: Target Corporation’s systems had cybersecurity vulnerabilities that were exploited by cybercriminals to gain unauthorized access to customer data.
  2. Insecure Data Measures: Target Corporation failed to implement adequate data security measures, such as encryption and access controls, to protect customer information.
  3. Insufficient Employee Training: Employees could not identify and respond to cybersecurity threats which delayed the detection of and actions to stem the breach.
  4. Inadequate Incident Response Plan: Target Corporation lacked a robust incident response plan to effectively handle the breach once detected which resulted in further delays in the containment and mitigation efforts of the breach.

The consequences of the data breach were significant, including loss of customer trust, damage to the company’s reputation, financial losses from legal and regulatory penalties, and costs associated with improving cybersecurity measures and incident response.  It was reported that in 2014, the Corporation earned no revenue from e-commerce, with its major competitor, Walmart taking the e-commerce market share.

In conclusion, the Target Corporation data breach resulted in significant lessons for data security, staff training, incident response planning, contingency planning, and regulatory compliance. Since then, Target Corporation has taken a number of steps to improve its cybersecurity posture and safeguard consumer data in its custody and win back its customers.

Written by Ruth Owojaiye
Profile

So Far in Corporate Financial Accounting (CFA) – Part 3

Theodore Okafor in General
Dec 17, 2023   ·   3 min read

Happiness: A Unique Inside Job!

Yemi Alesh in General
Dec 16, 2023   ·   1 min read

Support systems in LBS: Our Facilitators

Chidiebere Osuji in General
Dec 16, 2023   ·   2 min read

Leave a Reply

Up Next: MARVIN H. SWIFT; LOGICAL THINKING AND ARGUEMENTATION