From November 27 to December 18, 2013, holiday shoppers at Target stores were the victims of a data breach that affected an estimated 100 million people via criminal hacks against some 40 million debit and credit cards.
That infamous data breach was an expensive lesson in cyber security for Target. Coming at the height of the holiday shopping season, the giant retailer was gobsmacked by a malware nightmare. Instead of “Expect More Pay Less,” Target has spent the last two years paying for what it never expected.
And now, more bad news. A U.S. District Judge in Minnesota has ruled that banks—who were hit hard with the expense of re-issuing new credit and debit cards to Target’s customers—may move forward with a class action lawsuit against Target. Ca-ching.
While none of this is good for Target’s bottom line, the Target brand is not suffering. In fact, its brand favorability is high, especially among young people and families on a budget. And, in this infamous case of cyber crime, Target is the victim. Unfortunately for Target and myriad other companies, governments, and private citizens, victimhood isn’t a shield against liability or the cost of repairing the damage. As of February 2015, the data breach has cost Target $252 million. The cost and possible damages coming from a class action lawsuit against five financial institutions will cost millions more.
The annual global cost of cyber crime is an estimated $400 billion.
For any business, government, person—any entity on earth—for whom privacy, security, property, or finance is an issue, cyber security must be a priority. Yes, it’s an expense—and for some companies it will be a new and costly line item in the budget. But weighed against the cost of a breach, it could be the best money ever spent.