Less than two months out from Australia’s online privacy laws becoming more onerous, a massive data breach of a popular retailer is a reminder of the rising risks.
The data breach hit US retailing giant Target during the busy holiday season, resulting in the theft of credit card and identity data of more than 70 million of its customers.
The breach and the negative publicity surrounding it have caused Target to reduce its fourth-quarter earnings estimate, citing “meaningfully weaker-than-expected sales” since the data breach was announced.
The company, which is a separate entity to Target in Australia, said it was not yet able to estimate how much cleaning up the breach will cost, but its costs may include “liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs; liabilities related to REDcard (Target’s credit card) fraud and card reissuance; liabilities from civil litigation, governmental investigations and enforcement proceedings; expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities”.
On 12 March, amendments to Australia’s Privacy Act come into force, substantially increasing the exposure of many companies to cyber risks. The amendments overhaul the way businesses collect and use client data, along with substantially boosting the fines and penalties for data breaches.
However, a recent survey found almost two-thirds of businesses are unaware of the forthcoming overhaul.