Tags: Cyber Law

Lessons Learned From Target's 2013 Data Breach

 

The start of the holiday shopping season on Black Friday last week marked the one year anniversary of the Target data breach. Hackers tapped into Target’s computer system and stole debit and credit card information between November 27 and December 15, 2013. The Target hacking that affected 110 million customers provides guidance for any business collecting personally identifiable information, and is especially relevant during this holiday shopping season.

  1. Regular security audits must be conducted. Target admitted that it had missed certain warning sings about potential security gaps. A systematic, measurable technical assessment of your organization’s security policy is the first step. Analyzing any potential security gaps and implementing new security procedures to close those gaps are critical to safeguarding data. Making sure employees are actually following those measures is critical to reducing the probability of a breach.
  2. Pay to implement protective measures now, or pay the high cost of a breach later. The cost of the Target breach has already exceeded $148 million according to the New York Times. Additional costs to businesses that suffers a data breaches in the form of reduced profits, loss of consumer confidence, and devaluation of its brand may take months or years to recoup. The cost of a security audit and additional security measures pale in comparison.
  3. An incident response plan reduces the time and cost of communicating with affected customers. Target waited several days before announcing the breach to its affected customers. Waiting several days or weeks to announce a major data breach only exacerbates costs and reputation damage. Having a plan in place before a breach can significantly reduce the cost of the breach and recovery process. Knowing well in advance before a breach occurs whether there are legal disclosure requirements about the data your company collects allows the creation of a communication plan long before a breach occurs. Once a breach occurs, resources will be needed to investigate what data was breached and how the breach occurred. The details of the breach can be quickly added to email templates, customer form letters, any required federal and state agency reports, and even news releases. Adding the need to investigate reporting requirements for the 46 states that have such laws as well as federal regulations at a time when chaos and stress is high is not the wisest use of your company’s resources, and may cost more in the long run.

For more information about cyber law and protecting your company against a major data breach, contact the Goosmann Law Firm at info@goosmannlaw.com or call 712-226-4000.

Photo Copyright: wolterk / 123RF Stock Photo

Subscribe Our Blog

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.