Target Data Breach Disaster Is Another Arrogant Corporate Decision Hurting Millions
"Target seems to make more than one massive negative decision that impacts adversely millions of its customers. The current transgender policy for its bathrooms seems to put the "welcome creeps" sign out with the giant Target logo. Their barnstorming into Canada without taking into account Canadians, according to inside reports, cost them $5 billion and their 2014 data breach which is the 2nd largest retail data breach in history, could have been avoided according to experts, says Eugene Delgaudio, president of Public Advocate.
From "Data breach - the 5 things Target did that you shouldn't"
Report from the Compliance and Ethics Blog, a professional website:
"In December 2013, the world learned of the Target breach. We now know that more than 40 million credit card numbers were stolen along with 70 million other pieces of customer data. Together, this amounts to the second largest data breach at a U.S. retailer. Since the public became aware of the breach, more than 90 lawsuits have been filed against Target, as well as an investigation by the FTC and Senate Banking Committee.
Here are the 5 mistakes Target made with their data breach (that you should avoid): "
To paraphrase the article
1. Target ignored warnings.
Target installed expensive software costing over a million dollars and was told three times that they
were being hacked. They ignored it.
2. Consumers were not told fast enough.
Target disclosed the breach on Dec. 19, 2013 in response to a report by a journalist. It did not notify
customers reportedly until a month later. This was a terrible delay.
3. Target didn't disclose the full extent of the breach.
After first revealing on Dec. 19 about the breach of 40 million, it waited until Jan 10 to reveal
70 million personal names, addresses, etc. had been revealed. Conveniently after the holiday shopping
was over.
4. Target never said they were sorry.
Nobody ever heard any statement expressing sorrow.
5 Target is spending new money on new systems
Sadly, all the company needs is training according to their own reports. And there would be no data
breach. They already have the system in place due to the purchase (see number 1) and their own reports say their management needs training.
DIRECT QUOTE
"So, if you ever find yourself in the unenviable position of dealing with a data breach, remember Target (and don't do what they did). Disclose early and thoroughly, communicate with your customers, evaluate and change your internal systems, and maybe most importantly, say you're sorry."
from
http://complianceandethics.org/data-breach-the-5-things-target-did-that-you-shouldnt/