Saving Face: The Aftermath of a Data Hack
Retailer FatFace was in the press recently having been the victim of a sophisticated ransomware attack, which saw an unauthorised third party access both customer and staff data.
Over and above the reporting of the data breach itself, what stood out was the negative coverage FatFace received on the communication of the hack to its customers. Two months after the breach and with communications marked as ‘confidential’, the retailer has faced the brunt of those unhappy with their overall handling of the attack.
Reports suggest that FatFace has paid £1.45m ransom because of the attack on its systems in January. This type of assault on a reputable retailer will shock consumers, as it really brings to light the value placed on personal identifiable data. .
For organisations, it really hits home the importance of having the right solutions in place that limit potential risk or exposure by ensuring as little information is stored on the corporate infrastructure as possible. So, in the event of a breach, there is limited information available and you can go to your consumer base with confidence and transparency.
Research conducted in the UK by PCI Pal – which surveyed 2002 shoppers – identified just how consumers react in the event of a breach, and the importance they place on organisations’ taking responsibility post-breach:
When asked if a data breach would change their spending habits with a brand:
- 44% said they would stop spending with the brand ‘forever’,
- 41% said they would stop spending with the brand for “at least a few months”
- Only 15% said it ‘makes no difference to them’.
When asked what it would take for consumers to go back to shopping at a company that suffered a security breach, consumers said:
- 50% said they would return if a third party or regulator confirms their system is safe again
- Almost half (47%) said they would return if the organisation announced PCI compliance, by adopting strict payment security regulations
- 43% said they felt more comfortable when a firm admits responsibility and investing money in improving their security.
What this really shows is the significant impact a data breach can have on consumers’ brand loyalty and spend. However, demonstrating that clears steps have been taken to adopt strict security regulations, and being open and admitting responsibility will not go unnoticed.