Are Retailers Doing Enough to Notify Customers of Data Breaches?

November 15, 2017, Written By John H. Oldshue

Americans have become desensitized to data breaches. When the Target data breach first came to light in 2013, people were in a frenzy—boycotting stores, filing lawsuits, and panicking about the state of their credit.

Fast forward four years, and breaches just seem to “happen.” In September, Whole Foods announced a cybersecurity incident affecting taprooms and restaurants within its grocery store. Two weeks later, Hyatt confirmed a data breach affecting the credit card processing systems at 41 of its hotels. Yesterday, fashion retailer Forever 21 issued a statement notifying customers of a breach at “only certain point of sale devices in some Forever 21 stores.”

What do all of these security incidents have in common? A lack of customer notification. Most retailers will release statements/press releases to the public or post something on their website explaining the nature of the breach, but many times, that is as far as they go. They encourage affected parties to monitor their financial accounts, change passwords, etc., but many do not send letters to their customers letting them know about the incident.

This pushes the burden onto the consumer: watch out for a problem, react accordingly.

Banks, credit unions and payment card issuers typically take a more active approach when notifying customers of a data breach. They will send out letters, cancel/send out new cards, issue new account numbers and even call their customers to let them know about the incident. Perhaps that is why 43% of consumers trust debit and credit card companies with their data security, while only 11% trust retailers with their card information.

If data breaches are becoming a societal norm, it’s important for retailers to find new ways to reach affected parties. For instance, a store like Forever 21 could make an Instagram post letting its 14 million followers know about the card incident, rather than posting it in their newsroom, which is only accessible through a tiny link at the bottom of their website’s homepage. Yes, that would hurt sales and bring more attention to the matter, but consumers will ultimately benefit from the transparency.



The information contained within this article was accurate as of November 15, 2017. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.
View all posts by John H. Oldshue