Consumers have long memories when it comes to a loss of trust in a bank or card company from a data breach. The damage from a spate of high-profile consumer data breaches over the past year appeared to bruise trust in several major brands, including that of Citigroup Inc.
Citi’s highly publicized credit card data breach last year came in first among companies whose data breaches consumers considered “most damaging” in an online poll Gartner Inc. conducted in August involving 3,000 U.S. adults.
The percentage of respondents concerned about the Citi breach surpassed those of other major breaches on a list that included an attack last year on the Central Intelligence Agency’s website, the Wikileaks exposure of secret documents that began in late 2010, Sony Corp.’s PlayStation breach in April and major data breaches in March at Alliance Data Systems Corp.’s Epsilon unit and at EMC Corp.’s RSA Security, Gartner says.
Asked to assess the effect of data breaches on the list, 19% of respondents ranked Citi’s breach first in causing the most damage or affecting the most consumers. The CIA incident was next at 18%, followed by Wikileaks at 13%, Sony at 4%, Epsilon at 2% and RSA at 1%. Another 1% of respondents ranked an unspecified “other” company as causing the most damage, and 42% said they did not know.
Ironically, headlines more than facts can sway consumer perceptions of data-breach risk, Avivah Litan, Gartner vice president and distinguished analyst, tells PaymentsSource.
“Consumers may have a distorted view of what actually poses a risk to them because many would agree that exposure of details that could present a military threat or bombs is far worse than your credit card getting exposed where you have no liability,” Litan says.
Fraud risk from the Citi breach, which affected 360,083 credit card accounts, was low, experts say. Citi within a few days of the breach began reissuing cards to 217,657 of those accounts (see story).
But the publicity surrounding the event may have triggered a bigger reaction, Litan suggests.
Consumers in bank-data breaches would be reimbursed for any losses, “but Citi lost a lot from a reputation point of view,” Litan says.
Though figures are not available for the total number of breaches because their scope varies widely, the size of reported major data breaches last year suggests data- security risk levels are rising, she says.
Experts say a rise in data-stealing malicious software also threatens card data security (see story).
And while financial-services companies tend to have solid data-breach recovery plans in place, the vast majority of other corporations do not, which is a serious problem for companies associated with them, Litan says.
“If you exclude banks and financial-services companies, we estimate only 5% of corporations have a data-breach recovery plan in place, which is a big worry,” she says.
What do you think about this? Send us your feedback. Click Here.