Numb to data breaches? When weren’t we?

By Chad Hemenway on October 9, 2014

stock-trading-1If you held 100 shares of TJX Companies Inc. stock in April 2007 — about a month after T.J.Maxx, Marshalls and Bob’s Stores suffered a cyber breach of 45.6 million consumer credit and debit card numbers — you had about $1,400 in your investment portfolio.

Today the same amount of shares are worth about $6,100.

Shares of TJX closed at $60.99 on Oct. 8, up a little more than 2 percent from the previous close.

***

I was struck this week by an article in the Washington Post: “Home Depot and JPMorgan are doing fine. Is it a sign we’re numb to data breaches?”

Home Depot’s stock is up a few dollars per share since its data breach. Shares of JPMorgan & Chase barely flinched after a regulatory filing disclosed that the data of 76 million households and 7 million small businesses may have been exposed by a breach.

JPM closed at $60.40 on October 8. Except for a week-long stretch in mid-September, the stock is at its highest point over the last six months.

So, yes, maybe we are numb. But an argument could be made that investors, and customers of hacker-hit companies, have never really been affected by data breaches. We’ve always been numb. Companies take a momentary hit and then…well…it is business as usual.

Target stock has had its ups and downs but it about breaks even compared to its share price late last year when it made retail data breach history. Sally Beauty Supply, Michaels, Supervalu, UPS and eBay: the value of a share of each company remain near or slightly above the share price at the time of their data breach incident.

Studies show breach notifications are ignored by many people. And many more people say they didn’t stop doing business with a breached company.

And the story offers another interesting theory. A data breach victim, forced to get a new Home Depot card after its breach, said his shopping habits won’t change because there are not many other options to get the types of products and supplies Home Depot sells.

We live in a big box world. You’re lucky if you have a hardware store downtown. And even if you do, it won’t have the inventory a Home Depot can house.

A reader poll attached to the Washington Post story asked readers why they returned to shop at a data breach victim store. Nearly 37 percent checked off this option: “Breaches seem to be commonplace these days, so I don’t particularly blame the retailer.”

It should be noted more than 28 percent said they stopped shopping at breached retailers.

I’m not calling that 28 percent liars. Not the whole 28 percent. And the rest will 1.) be back sooner than later, or 2.) will be knitting sweaters since they will have less and less options as more and more companies are breached.

Tell me what you’re thinking. Email me at chemenway@advisen.com

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or chemenway@advisen.com.