Last October, Barnes & Noble announced a data breach at 63 of its stores, reporting that one PIN pad device used by customers to swipe credit and debit cards had been compromised in each affected store. The bookseller didn't report the breach for at least one month in order not to impede an ongoing federal investigation.
While Barnes & Noble's situation in withholding information about the breach and communicating the news to its customers was unique, most states require that companies notify customers of a breach if their names are compromised in combination with other information such as a credit card, a Social Security number or a driver's license number.
The bookseller is among a long list of organizations that had data compromised through a wide variety of methods, including skimming, data exposure, malware, and employee theft. In fact, the Privacy Rights Clearinghouse, a consumer information and advocacy organization, lists the chronology of data breaches, which totals 607,110,929 between 2005 and the present day.
According to the 2011 "Cost of Data Breach Study" by the Ponemon Institute, the cost of data breaches totaled $3.01 million in 2011, a figure that refers to abnormal turnover of customers, increased customer acquisition activities, reputation losses, and diminished goodwill.
Taking steps to keep customers loyal and repair any damage to reputation can help reduce the cost of a data breach and keep a company's brand and customers intact. Today, 1to1 Media Senior Writer Cynthia Clark explores the problem and offers steps for prevention and recovery in her article, "When Data Breaches Happen: 5 Steps for Prevention, Response, and Recovery." Part of prevention efforts involves educating and designing internal processes to prepare for such data disasters. Don Peppers, founding partner of Peppers & Rogers Group, discusses here how creating and relying regularly on internal checklists can help to prevent or prepare for such incidents.
The bottom line is that not all data breaches will be preventable, but in the Age of the Internet, where consumers grow increasingly protective of their data privacy, it's essential for organizations not only to take steps for prevention, but also to have strategies and thoughtful plans in place for communicating such events to their members and customers.