Will TJ Maxx Lose 77% Of Its Customers Over Data Breach?
from the somehow,-we-doubt-it dept
It's easy to get people to say what you want them to say concerning how they would act in a specific situation, but try watching how they actually act and you'll realize that actions definitely do speak a lot louder than words. Some researchers are reporting that approximately 77% of people say they would stop shopping at stores that suffer data breaches. Interesting timing, given the huge data breach by TJX, owners of stores chains like TJ Maxx and Marshalls. While it is likely that the publicity around this story (including the fact that some of the data has already been used in various scams) will have some people thinking twice about shopping at TJX stores -- somehow we doubt they're going to lose anywhere near 77% of their business. It's easy to say you won't shop there, but when it comes time to buy the kids cheap clothes for the new school year, people will go right back to their old habits. Perhaps that's why companies don't seem to take these data breaches very seriously. Despite lots of anger, it doesn't seem like people actually follow through. Another study that came out today tries to quantify just how costly data breaches are, and finds that it tends to cost companies from $90 to $305 per lost record, suggesting TJX's breach will cost it $1.35 billion -- however, many people say that's probably a lot higher than what it will turn out to be in reality. TJX will get a slap on the wrist, people will keep shopping there and the company will probably be just as likely to lose your data in the future as it was in the past.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Increase the penalties for repeated breaches
[ link to this | view in chronology ]
Who the hell shops there anyway?
[ link to this | view in chronology ]
Re: Who the hell shops there anyway?
[ link to this | view in chronology ]
Re: Who the hell shops there anyway?
Wouldn't you rather keep your money in your pocket???
[ link to this | view in chronology ]
Re: Who the hell shops there anyway?
[ link to this | view in chronology ]
Two options
Continue shopping a TJX but only deal in cash.
[ link to this | view in chronology ]
Does lightning strike twice?
[ link to this | view in chronology ]
Re: Does lightning strike twice?
[ link to this | view in chronology ]
But data breach doesn't matter that much . . .
So, again, breaches aren't preferrable - everyone is against them happening - but too much data security could have greater (well hidden) costs than the current status quo of not-enough.
Draconian fines for data breaches? I don't think so. Simple negligence liability for the consequences of a failure to secure data is enough. Along with (probably contractual) liability to the credit card issuers and/or associations, of course.
[ link to this | view in chronology ]
cash
Long story short, I was very inconvenienced by their incompetence, and was more put off by their stalling, understating the damage, and now pointing the finger to "failed encryption" as I read in one story. What a pile. I will not be shopping at TJ Maxx in the future, and I never really shopped at TJX's other stores. If for any reason I had to go there, I would pay cash. They have lost my business.
Do fines for companies do any good? no. The big ones couldn't care less. That is what insurance is for. What they fear the most is loss of brand, loss of trust. That is what takes a long time to earn and can be lost very quickly, often times never fully restored if at all.
Does "lightning" strike twice? you bet it does. In fact it generally is striking over and over, but many places have no clue that they are being compromised. Most companies believe that if they are not aware of a security breach, then it obviously has not happened. I replace all of my credit cards once a year.
[ link to this | view in chronology ]
Lightning strikes
[ link to this | view in chronology ]
Cheap is relative...
If you consider a risk of stolen credit card info, it can, indeed, be cheaper to go elsewhere.
I'm glad I read this before clothes shopping this weekend - that was actually my plan. However; I use cash 90% of the time. Pretty impossible to get a credit card number from me in any event.
But with like 10 different places to get clothes, why go anywhere that might be a risk?
[ link to this | view in chronology ]
Ignorance
As for shopping there w/a cc, give me a break. A cc is one of the BEST ways to shop. You get better management of your $$ (well if you know how to do this) and zero responsibility for bogus charges.
Yes, I'm aware there are those who don't check their receipts against their credit card statement,... those people are ignorant.
[ link to this | view in chronology ]
You goofed -- so pay up
When I phoned the credit card and politely but firmly complained, they gave me a $250 credit.
Just a thought -- 1.4Million cards x $250....
[ link to this | view in chronology ]
You goofed -- so pay up
When I phoned the credit card and politely but firmly complained, they gave me a $250 credit.
Just a thought -- 1.4Million cards x $250....
[ link to this | view in chronology ]
TJMAX
[ link to this | view in chronology ]
Credit Cards?
The only "credit" type card I have is the one the company I work for has issued me for company expenses - and even then, it's a charge card, not a revolving credit card.
[ link to this | view in chronology ]
Re: Credit Cards?
I stress persistent because paying interest or card fees is NOT intelligent. But for those of us who know how to work within the framework of the card recieved they can be a benefit.
[ link to this | view in chronology ]
Re: Re: Credit Cards?
[ link to this | view in chronology ]
Let the Market Sort Them Out
Maybe, finally, at long last, senior management at all of these corporations will finally decide to take start taking I.T. security seriously.
Unfortunately, I doubt that will happen.
People who make it to the top of the corporate management level are not very knowledgeable about much of anything or even, shall I say it... very smart.
[ link to this | view in chronology ]
Simple, right? Those that are unwilling to protect the data, should not be able to collect the data. Start with a three month suspension and work your way up for additional violations. Big box retailers have to be able to take credit cards. They would face the prospect of going out of business or being at a serious competitive disadvantage if their credit card data was breached repeatedly...
Oh, wait, Visa wouldn't want that, MasterCard wouldn't want that, the merchants wouldn't want that. Expect consumers to keep on paying the cost of this corporate recklessness.
[ link to this | view in chronology ]
Observation re: But data breach doesn't matter tha
While what Jim Harper says that, "the average person, victim of the average data breach, suffers essentially no harm whatsoever," is true because there is currently risk acceptance by the banks for card present fraud, this ignores the real victims of this kind of theft - completely innocent online merchants.
They are the true victims of breaches such as these because unlike card holders or brick and mortar stores, online merchants are entirely liable for card not present transactions even if they are not at fault.
Without help to protect themselves, merchants are completely vulnerable, and liable.
As my colleague Thorsten says, the problem is that the costs of such breaches to online merchants is an externality to the card associations such as Visa and MasterCard, to the issuing banks and payment gateways.
While a move such as that mentioned in March by Rep. Barney Frank chairman of the House Financial Services Committee, to make a company responsible for allowing a breach to bear the costs of notifying customers and reissuing cards, sounds sensible on the surface, it is not if it perpetuates this unfair treatment of online merchants, and other inequitable aspects of the current status quo in processing.
It is clearly far better then if liability is decided in the courts, as is currently the case.
This also will allow for future changes in risk acceptance as well opposed to the status quo, which is inequitable enough as is, let alone with the U.S. Congress setting it into stone with flawed liability legislation.
[ link to this | view in chronology ]
T J MAXX
[ link to this | view in chronology ]
asdf
[ link to this | view in chronology ]