In Our View: Data Breaches Demand Action

U.S. retailers need to adopt chip-based credit cards to improve security



In legal circles, the notion of caveat emptor in the United States dates back to 1817, when Chief Justice John Marshall wrote the majority opinion in Laidlaw v. Organ. In basic terms, the phrase means “buyer beware,” and it has become particularly relevant for consumers in this country.

That point was driven home Tuesday, when executives from Target and Neiman Marcus — store chains that have been targeted by hackers trolling for the personal and credit card information of shoppers — testified before Congress about recent breaches in their security systems. “The unfortunate reality is that we suffered a breach, and all businesses — and their customers — are facing increasingly sophisticated threats from cyber criminals,” Target chief financial officer John J. Mulligan told lawmakers. “In fact, recent news reports have indicated that several other companies have been subjected to similar attacks.”

Well, that’s not the least bit reassuring. But at least it’s honest; security experts have long warned that there is no end in sight for cyber attacks on retailers. In December, at the height of the Christmas shopping season, Target revealed it had been hit by hackers who lifted 40 million debit and credit card numbers from its customers. Company officials later said that hackers also grabbed personal information such as names, home addresses and telephone numbers from up to an additional 70 million consumers. Weeks later, Neiman Marcus said 1.1 million of its customers had been affected by a three-month-long data breach, which has resulted in 2,400 cards being used in fraudulent transactions thus far.

Such cyber strikes on U.S. companies are not a coincidence. As the Wall Street Journal recently reported: “Chip-based credit cards — in which a smart chip in the card works with special readers installed at stores — are widely used in Europe and Canada, making it more difficult for thieves to profit from the sort of massive data breach that hit Target over the holidays. . . . But the technology has yet to be embraced in the U.S., and as a result, the U.S. has become the preferred target for criminal hackers.”

Part of the reason for that is the ethos of the United States. As caretakers of a society that is leery of any action that can be construed as an intrusion on personal privacy, Americans are loath to accept things such as smart chips in their credit cards. But, as Ed Mierzwinski of the U.S. Public Interest Research Group told members of Congress: “Target was at fault, Neiman was at fault, but they’re not completely at fault. They’re asked to accept cards that are inherently dangerous.”

A decade ago, Target was at the forefront of efforts to institute card chips in this country, but the company abandoned the project. “A review of the program led the leadership team to agree that there were potential operational, financial and marketing benefits,” Mulligan told the Wall Street Journal. “However, without broad industry adoption of the technology to ensure a consistent guest experience, there weren’t enough benefits at that time to continue the test.”

Now, it would seem, is a logical time for U.S. retailers to adopt such technology. The Target breach made clear the shortcomings of the current system, subjecting consumers to identity theft that can endanger their personal finances and can be troublesome to clear up. When it occurs on such a vast scale, it can hamper the economy of the entire nation. For now, however, consumers are left with nothing more than a two-word warning when it comes to securing their personal information: Buyer beware.