A five-month-long Home Depot data breach that led to the theft of upwards of nearly 60 million consumers' credit card numbers and other personal data reopened gaping holes in U.S. credit card security. It also left Home Depot vulnerable to critics who say it didn't do enough to safeguard its customer's sensitive data.
“Data breaches can clearly hurt a merchant’s reputation,” says Matt Schulz, senior credit card industry analyst for CreditCards.com. "However, it’s incredibly important for merchants to be as transparent as possible and to make decisive moves that will have a real impact.”
Read More: 7 Stocks Warren Buffett Is Selling in 2014
According to The New York Times, Home Depot's data security has been an issue for some time. Employees accused the company of dragging its feet in responding to this year's breach, but in 2012 it hired a computer engineer who had previously been sentenced to prison for tampering with other employers' computer systems.
That's a whole lot to overcome, especially when the 56 million credit card numbers lost during the breach made the 40 million numbers Target (TGT) lost during its credit card breach in 2013 seem paltry by comparison. That even topped the 46.5 million numbers that TJX (TJX) stores including T.J. Maxx and Marshall's coughed up after a breach of its payment systems in 2007.
According to Bill Wohl, vice chairman of the U.S. Reputation Leaders Network, part of the Reputation Institute research and advisory firm focused on corporate reputation, research on companies that experience data breaches reveals enormous damage to a company's reputation in each instance.
"For example, while Target's reputation scores have been declining for some time, the largest drop was in the last year alone, and the largest of any U.S. company," Wohl says. "Since 2011, Target's CSR score -- a measure of the enterprise dimensions of reputation that include 'workplace,' 'governance,' and 'citizenship' -- fell dramatically, the largest drop among any U.S. retail company in the same time frame."
That blow to a company's reputation is costly, as merchants have to shell out big money to update security in an attempt to win back customers. TJX paid $256 million the year after the breach to help customers clear up their credit records and to address the legal claims of those who couldn't. When 20% of customers took the company up on its offer for a free credit watch, it became a huge portion of the $1.24 billion TJX would have to spend on public relations, internal investigations and other related costs.