For the past several months, there have been numerous stories about major retailers that have been breached by hackers. The result is that millions of credit cards have been stolen.
In the case of Target, so far it is reported that 40 Million customer credit cards have been exposed, and 70 Million total records with personal information have been stolen. The customers who are affected in such a breach feel let down by the merchants who lost their data, and the merchants feel like victims because thieves stole data from them, but they are being blamed.
Inevitably, a big retailer like Target makes some generic announcement talking about the efforts they are making to boost their security, and usually some kind of free credit monitoring service is offered.
In the case of Target, the website that was supposed to handle this service was so inundated by requests that, for several days, it was nearly impossible for their customers to sign up. This caused quite a rash of negative social media backlash, and people in general seemed dissatisfied with Target’s response.
Compounding the issue is the fact that Target is facing huge lawsuits, so it is obvious that every announcement is being screened by both public relations personnel and their legal team.
I propose that Target and other large retailers who have been victimized use their capital resources to greater effect. Not only can they win back the hearts and minds of their customers who have had their credit cards stolen, but they will also cause other hackers to pause before attempting something as brash as stealing 40 Million credit cards.
Think about what would happen if Target offered $1 Million to anyone who provides information that leads to the arrest and conviction of the party (or parties) who were responsible for the breach.
When hackers launch attacks of this nature, rarely can they do it without assistance from multiple sources who have specific security knowledge or skills. Programmers, for example, rarely also have the skills to penetrate firewalls. Therefore, a team of people is usually assembled to pull off a major breach like the one that happened at Target. The thing is, groups of people rarely have the ability to keep everyone completely silent.
Also, this culture is ruled by the almighty dollar, and $1 Million is enough of a reward that if someone let critical information out, it is likely the person they told would be swayed to turn them in rather than keep their confidence. Despite the old saying, there really is no honor among thieves, and it has been our experience that they will turn on each other when a profit is to be made.
Of course, it is easy from our perspective to spend Target’s money for them, and they have teams of people whose job it is to monitor and improve their image.
On the other hand, if you saw a full-page ad this weekend in the Wall Street Journal announcing that Target was offering this reward to help catch the thieves who have caused them so much trouble, would your opinion of the brand go up? Especially if Target went on a campaign talking about how we are all victims.
The idea would be that Target would spend its money to bring the criminals to justice so that we can all sleep better at night. Maybe it would have no effect, but the people we have polled thought that it would do wonders for Target’s image. All retailers might want to consider this kind of response instead of hiding behind a legal barricade.
It’s just a thought, but remember, ID theft is an attack that people take personally, so showing victims something that makes them feel better is the first step to helping them move on.