Now that the initial media blitz about the massive Target breach has passed, it is time to look ahead at the implications:
- Legislation: In the past, we have seen major breaches drive legislative change. But now that most states have data security statutes, it seems unlikely that much will happen at the state level. And action at the federal level has been long promised, but remains a distant vision.
- Law enforcement: While the actual hackers may remain elusive, Target is an easy target. Expect significant investigations, record-setting financial penalties and a burdensome compliance agreement for Target. And, of course, class action litigation has already started.
- Consumers: After a brief period of unease, they will slip back into their old credit card habits.
- Businesses: Retailers in particular will be looking at their credit card handling processes. It’s being suggested that the breach occurred because three-digit CVV security codes on credit cards were being stored (contrary to PCI rules). Regardless, it’s time for any business that accepts credit cards to perform a checkup of data security policies and procedures.
- Bad guys: They are likely to be emboldened by this and will increase their search for the soft data security underbelly.