Data Breaches in Retail over the Last Two Years

This entry was posted on Thursday, July 12th, 2018.

Depending on the person doing the shopping, it can be either a relaxing or a stressful affair. The latter is certainly true for those who are concerned about security and personal information. Since January, 2017, at least 15 separate security breaches have occurred, many of them caused by flaws in payment systems, either online or in stores. Data breaches pose a threat to both brands and the customers they serve, and can affect a customer’s trust in those brands.

A study by KPMG showed that 19% of consumers would completely stop shopping at a retailer following a breach, and 33% would take a break from shopping there temporarily. A record-breaking 15.4 million US consumers were affected by identity fraud in 2016, marking a 16% annual increase according to Javelin.

The Data Breaches

The stores affected by data breaches in the last two years include Macy’s, Adidas, Sears, Kmart, Delta, Best Buy, Saks Fifth Avenue, Lord and Taylor, Under Armor, Panera Bread, Forever 21, Sonic, Whole Foods, Gamestop, and Arby’s.

In June, Adidas announced that an “unauthorized party” claimed to have acquired limited data associated with certain customers. Those potentially affected are believed to be customers who made purchases on Adidas’ US website. Contact information, usernames, and encrypted passwords might have been exposed, according to the company’s preliminary investigation. However, credit card and fitness information are not thought to be included in any stolen data.

Whole Foods, having been acquired by Amazon for $13.7 billion in late August, announced in September, 2017 that it had recently received information regarding unauthorized access of payment card information. Customers who only shop for groceries at Whole Foods are unaffected, with the company saying that only taprooms and table-service restaurants within their stores, which utilize a different point-of-sales system, were affected.

Customers shopping online at Gamestop’s website have also fallen victim to a data breach in April 2017, the video game retailer confirmed. Customers who shopped online for a six month period were vulnerable from August 10th, 2016 to February 9th, 2017. Names, addresses, and credit card information were all taken in a breach of the website’s payment processor.

The Bottom Line

There seems to be a pattern of companies losing sensitive information in a limited field. Customers who shopped only online within a certain period, or customers who have only used a certain service have been affected. It is feared that perhaps the limited nature of these data breaches might not be incentive enough for companies to prioritize security.

But lost data is still lost data, and that has damning ramifications for customers’ trust in businesses. Business Insider reports that with massive data breaches negatively impacting consumer trust, it is critical for companies to remain vigilant in detecting, resolving, and immediately informing consumers of data breaches. As the threat of fraud grows, payment firms and retailers need to prioritize security investments, like multi-factor authentication, EMV terminals, or tokenization solutions, to keep ahead of data breaches.