A Tale Of Two Cyberheists - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // CIO Insights & Innovation
09:06 AM
Mike Feibus
Mike Feibus

A Tale Of Two Cyberheists

Both Target and SnapChat recently fell victim to high-profile security breaches, but the long-term damage to SnapChat will be much greater. Here's why.

I got the email from Target the other day and had to smile. For weeks I've contemplated and debated about how consumers might react to the breach. But I never once thought about how I felt about it -- not until the apology from Target CEO Gregg Steinhafel landed in my inbox.

He told 110 million of my closest friends and that our credit card information and/or our names, addresses, phone numbers, and email addresses may have been stolen. Then he assured us that he was really sorry about it. How did it make me feel? Like many others, I didn't much care. I read it. I shrugged. And then I made a note to take Target up on its offer of a year of free credit monitoring. I haven't signed up yet, but I'll get around to it -- right after I straighten out the workbench in the garage.

Contrast that with the hailstorm that SnapChat has endured since hackers snatched 4.6 million members' usernames and phone numbers from the photo and video messaging service. The Target heist affected many more people -- 23 times more, to be exact -- and it involved more data per customer. But SnapChat will be stinging much longer than Target. The reason: Target sustained what consumers see as a security breach, while SnapChat's is a privacy violation.

[For the latest on the Target breach, read Target, Neiman Marcus Malware Creators Identified.]

The two e-burglaries underscore the distinction between how consumers view online privacy and security -- and the vast difference in their expectations for how companies should handle the information in each bucket. If credit card information and related transactional data is compromised, consumers expect companies to make it right. But with information they regard as private, they expect companies to keep it private. Period. End of story.

Understanding the distinction is critically important these days. Marketers are beginning to assume that people in their target audience are carrying smartphones. Their demand for personal information is skyrocketing. They want to know where consumers are and what they're doing so they can deliver timely, relevant messages. At the same time, consumers are growing more wary with each new privacy violation.

Confounding the problem is that consumers may see the same data differently, depending on the context. If hackers invade Lowe's, for example, consumers would likely view that as a security breach. The credit card will be replaced. If the hackers learn where they live and that they're the proud owners of a new garden hose, they can live with that. Very different story, though, if hackers poach another database and learn that they bought hose attachments at an online sex shop. (No mail please -- I'm not even sure if that's possible!)

That's why the Target and SnapChat breaches elicited such polar responses. Thanks to the Target heist, there are unsavory types out there who know millions of consumers may have purchased dishes, pillow shams, or a box of crackers at Target. Yawn. With the SnapChat break-in, the hackers might know, well, you know.

To be sure, the holiday raid is costing Target millions. Sales slumped during the critical shopping season as customers bought gifts elsewhere while waiting for the company to sort things out. But while Target lost sales, it didn't lose customers. Generally speaking, consumers aren't abandoning Target. So it's in much better shape than SnapChat in that regard.

Overcoming consumers' privacy concerns is a critical topic for digital marketers, one that we'll be exploring at the MarketsofOne TechSummit in April. The summit's focus is how to drive the transition from targeting markets of millions to millions of markets of one. Check it out.

Meantime, marketers who see pots of gold at the end of the contextual awareness rainbow will need to step gingerly, because this is clearly a matter of privacy, not security. The prospects for winning big are clear. But they need to be transparent about the data they want to collect, and what's in it for consumers. They need to keep in mind that the more consumer data they have, the more they'll need to protect. If they don't, the backlash may be paralyzing -- even fatal.

Mike Feibus is principal analyst at TechKnowledge Strategies, a Scottsdale, Ariz., market research firm focusing on mobile client technologies. You can reach him at [email protected]

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
1/22/2014 | 11:03:24 PM
Re: Universal reaction?
Good question, David. No, there's no universal. By definition. That's the tricky thing here. There will be people who feel violated by the Target breach. And there will be people who aren't bothered by the SnapChat crack. 

Consumers define whether a breach falls into the security or privacy bucket.
David F. Carr
David F. Carr,
User Rank: Author
1/22/2014 | 10:33:50 AM
Universal reaction?
Your reaction to these two types of breaches interesting, but what makes you think it's universal?
Lorna Garey
Lorna Garey,
User Rank: Author
1/22/2014 | 10:18:23 AM
Another factor ...
Many parents have been dying for a reason to make their teens (and persuade their older offspring to) delete their SnapChat accounts. I'm in the latter camp - made the case to the college-age one over holiday break that SnapChat is evil. Score one for mom.

In contrast, no one really wants to stop shopping at Target.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll