There is no doubt hackers are interested in stealing credit card information from retailers, but it’s not the only information they want. While credit card theft gets the majority of the media attention, other data is also at risk. Hackers can use the personal information they steal from retailers to commit identity theft. Once they have the victim’s name, birth date and contact information, they just need a Social Security Number to start posing as that person. Let’s look at two sources of valuable personal information that are often overlooked.
Loyalty programs reward customers with discounts, special promotions and other rewards in exchange for giving the retailer their personal information. Many retailers keep customer names, email addresses, physical addresses and birthdays on record to send promotional materials and encourage repeat purchases. Retailers either maintain their own customer loyalty databases or contract a third-party company to keep track of the information for them.
In November 2013, a European company that tracks rewards programs for many different retailers was hacked and exposed the information of 1.5 million customers. Some profiles included credit card and security information, and the company warned customers to be suspicious of charges dating back up to two years.
Employee information is even more appealing to hackers because the retailer already has the employee’s social security number on file. Employee databases are also more accurate, since customers sometimes give false or incomplete information or don’t update their profiles when they move.
While there haven’t been many hacking attempts aimed specifically at stealing retail employee data, organizations in other industries have been targeted by hackers for years. In 2013, the University of Delaware was hacked and exposed the personal information of approximately 72,000 employees and student workers. Just last month the Archdiocese of Seattle reported the information of up to 90,000 employees and volunteers had been compromised.
Retailers cannot afford lax security on employee data. The February 2014 arrest of three corporate Home Depot employees for stealing employee data and using it to open bogus credit card accounts should ring alarm bells for the retail industry.
While credit card fraud is costly for businesses, from the victim’s perspective the aggravation is temporary and goes away once they get a new card. The effects of identity theft are more serious, longer lasting and more troublesome for victims to resolve. Retailers owe it to their customers and their employees to keep all of their personal data safe.