Strategic CIO // Executive Insights & Innovation
Commentary
1/22/2014
09:06 AM
Mike Feibus
Mike Feibus
Commentary
Connect Directly
RSS
E-Mail
50%
50%

A Tale Of Two Cyberheists

Both Target and SnapChat recently fell victim to high-profile security breaches, but the long-term damage to SnapChat will be much greater. Here's why.

I got the email from Target the other day and had to smile. For weeks I've contemplated and debated about how consumers might react to the breach. But I never once thought about how I felt about it -- not until the apology from Target CEO Gregg Steinhafel landed in my inbox.

He told 110 million of my closest friends and that our credit card information and/or our names, addresses, phone numbers, and email addresses may have been stolen. Then he assured us that he was really sorry about it. How did it make me feel? Like many others, I didn't much care. I read it. I shrugged. And then I made a note to take Target up on its offer of a year of free credit monitoring. I haven't signed up yet, but I'll get around to it -- right after I straighten out the workbench in the garage.

Contrast that with the hailstorm that SnapChat has endured since hackers snatched 4.6 million members' usernames and phone numbers from the photo and video messaging service. The Target heist affected many more people -- 23 times more, to be exact -- and it involved more data per customer. But SnapChat will be stinging much longer than Target. The reason: Target sustained what consumers see as a security breach, while SnapChat's is a privacy violation.

[For the latest on the Target breach, read Target, Neiman Marcus Malware Creators Identified.]

The two e-burglaries underscore the distinction between how consumers view online privacy and security -- and the vast difference in their expectations for how companies should handle the information in each bucket. If credit card information and related transactional data is compromised, consumers expect companies to make it right. But with information they regard as private, they expect companies to keep it private. Period. End of story.

Understanding the distinction is critically important these days. Marketers are beginning to assume that people in their target audience are carrying smartphones. Their demand for personal information is skyrocketing. They want to know where consumers are and what they're doing so they can deliver timely, relevant messages. At the same time, consumers are growing more wary with each new privacy violation.

Confounding the problem is that consumers may see the same data differently, depending on the context. If hackers invade Lowe's, for example, consumers would likely view that as a security breach. The credit card will be replaced. If the hackers learn where they live and that they're the proud owners of a new garden hose, they can live with that. Very different story, though, if hackers poach another database and learn that they bought hose attachments at an online sex shop. (No mail please -- I'm not even sure if that's possible!)

That's why the Target and SnapChat breaches elicited such polar responses. Thanks to the Target heist, there are unsavory types out there who know millions of consumers may have purchased dishes, pillow shams, or a box of crackers at Target. Yawn. With the SnapChat break-in, the hackers might know, well, you know.

To be sure, the holiday raid is costing Target millions. Sales slumped during the critical shopping season as customers bought gifts elsewhere while waiting for the company to sort things out. But while Target lost sales, it didn't lose customers. Generally speaking, consumers aren't abandoning Target. So it's in much better shape than SnapChat in that regard.

Overcoming consumers' privacy concerns is a critical topic for digital marketers, one that we'll be exploring at the MarketsofOne TechSummit in April. The summit's focus is how to drive the transition from targeting markets of millions to millions of markets of one. Check it out.

Meantime, marketers who see pots of gold at the end of the contextual awareness rainbow will need to step gingerly, because this is clearly a matter of privacy, not security. The prospects for winning big are clear. But they need to be transparent about the data they want to collect, and what's in it for consumers. They need to keep in mind that the more consumer data they have, the more they'll need to protect. If they don't, the backlash may be paralyzing -- even fatal.

Mike Feibus is principal analyst at TechKnowledge Strategies, a Scottsdale, Ariz., market research firm focusing on mobile client technologies. You can reach him at mikef@feibustech.com.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
1/22/2014 | 10:18:23 AM
Another factor ...
Many parents have been dying for a reason to make their teens (and persuade their older offspring to) delete their SnapChat accounts. I'm in the latter camp - made the case to the college-age one over holiday break that SnapChat is evil. Score one for mom.

In contrast, no one really wants to stop shopping at Target.
David F. Carr
100%
0%
David F. Carr,
User Rank: Author
1/22/2014 | 10:33:50 AM
Universal reaction?
Your reaction to these two types of breaches interesting, but what makes you think it's universal?
MFeibus
50%
50%
MFeibus,
User Rank: Strategist
1/22/2014 | 11:03:24 PM
Re: Universal reaction?
Good question, David. No, there's no universal. By definition. That's the tricky thing here. There will be people who feel violated by the Target breach. And there will be people who aren't bothered by the SnapChat crack. 

Consumers define whether a breach falls into the security or privacy bucket.
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.