Last week, news about yet another data breach at major retail outlets surfaced. As Krebs on Security reported, Michaels Stores Inc., which includes Michaels Arts and Crafts and Aaron Brothers stores, admitted that its stores suffered two different eight-month-long breaches over the past year. Approximately three million credit card numbers were compromised in these attacks.
These breaches are a big deal—especially as seen in conjunction with other high-profile retail breaches. Millions of consumers have been victimized in these security breakdowns, at no fault of their own.
It is no wonder that a new survey from research firm GfK found that an overwhelming majority of consumers, 88 percent, voiced concerns over the privacy of their information and data. According to eSecurity Planet:
Concerns about privacy are increasing—49 percent of respondents now say they're "very much" concerned about data privacy, and 59 percent say their concern has risen in the last 12 months.
The poll of 1,000 consumers was taken in early March, and as eSecurity Planet pointed out, a third of those surveyed had their personal information compromised within the past 12 months. No wonder, then, that so many people are distrustful about company privacy efforts.
Despite the concerns, though, consumers are still willing to hand out their personal data to companies, including their favorite stores. According to Computerworld:
GfK asked respondents what types of organizations they trusted most to protect their personal data. Doctors and health-care organizations scored the highest, with online payment systems, online retailers and banks also earning the trust of more than 60 percent of respondents.
Even though they are privacy wary, perhaps consumers do understand the truth about a comment Jeff Davis, vice president of engineering at Quarri Technolgies, made in an email to me: “Security is hard, and even the companies that do the best work on security issues get breached.” But, he added, every company still needs to make security a priority:
It sounds cliché, but organizations that handle sensitive data almost can't be too careful these days. The battle between IT staffs and attackers is dauntingly asymmetric—one successful breach can cause serious and lasting damage, even if the exploited organization successfully fended off thousands of attacks before it. Meanwhile, attackers can fail 99% of the time and still make a profit.