Home Depot (HD +2.42%) has become the latest company to suffer a massive data breach when the company confirmed that earlier this month that data from approximately 56 million credit and debit cards was compromised. The company joins a long list of retailers that have suffered the same fate, including Neiman Marcus and Target (TGT +1.06%), which fired CEO Greg Steinhafel and reported lower-than-previous-year earnings for the first two quarters of the year, at least partially due to the data breach.
Target also lost the faith of some of its customers. Cowen & Co.'s Consumer Tracking Survey showed "meaningful decreases" in year-over-year customer satisfaction from Target customers for both the overall shopping experience and customer service in March, MarketWatch reported.
The Target data breach, which involved approximately 40 million credit and debit cards, is smaller than the Home Depot one, but a number of factors may lead to the home improvement chain not seeing a similar negative business impact. This is partially because of a sort of fatigue setting in where news of a new breach becomes ho-hum, and partly because the public has learned that the security violations won't cost them any money directly.
"The consumer does not pay the cost of the credit card breach and that limits how much they care about them, Core Security Vice President Eric Cowperthwaite told the Fool via email. "Abstractly, it is a big deal. But, there is no direct pain for the consumer."
That's good news for Home Depot -- and any other company that falls victim to a data attack.
Consumers don't care that much
Despite the numerous high-profile attacks by digital criminals on major brands, Americans remain mostly unconcerned about them, according to a survey released earlier this month by iDRADAR.
Source: iDRADAR.
As you can see from the graphic above, over two thirds of Americans did nothing to protect their credit or debit card in the wake of the recent data breaches.
"Frankly we continue to be shocked at this surprising lack of concern," said idRADAR CEO Tom Feige. "More than 500 breaches have been identified so far this year and this impacts, at a minimum, 20 million Americans."
Despite the potential dangers, the majority of Americans are unmoved, and in fact, the number of people who have taken steps to protect their privacy -- 27.44% -- is only a little over 10% higher than than the 17.03% of people who told iDRADAR their debit or credit card was used fraudulently in the past year. Survey respondents were also pretty open about their lack of concern when explaining how they use their debit cards post-breaches, as the graphic below show.
Source: iDRADAR.
Because credit and debit cards are currently the only practical way for most people to pay for things, and folks are not likely to simply stop buying stuff, people will still use them until a viable alternative exists.
"Data breaches are like buses, there's always another one coming. Even with all the personal information floating in cyberspace, consumers continue to swipe their credit cards," Charles Tran, founder of CreditDonkey.com, told the Fool via email. "Carrying a wad of cash around is more dangerous than using plastic."
That's decidedly true, but the repeated press surrounding data breaches could open a door for an alternative payment system such as Apple's (NASDAQ: AAPL) recently announced Apple Pay service. Of course, Apple has its own consumer trust and security issues to deal with in the wake of the recently massive theft of private photos of a number of celebrities.
The good news for Home Depot is that the data breach is not likely to materially impact its business. Target got hurt because its attack was the first recent credit card breach to receive a massive amount of publicity. The company was also a bit tone-deaf in its response to the security crisis and took too long to tell customers what it was doing to prevent future attacks.
Home Depot learned from Target's mistake and quickly released a statement assuring customers that the malware that caused the breach had been eliminated. The company also announced that any affected terminals were removed from service while enhanced encryption technology had been rolled out to all U.S. stores.
