By Don Peppers and Martha Rogers, Ph.D.
When retail behemoth TJX revealed in January that thieves had invaded its systems and stolen a wealth of consumer data, most observers expected the company would take a huge hit.
In all, 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders. It's considered the worst ever incident involving the loss of personal data.
Given all the studies that illustrate heightened consumer concern about privacy and security issues, pundits speculated that consumers would register a vote of no-confidence by shopping elsewhere, punishing the retailer for the lengthy security compromise.
However, when TJX, parent company of TJ Maxx, Marshall's, HomeGoods, and other stores, unveiled its fiscal results for the quarter that ended April 28, the company reported sales were up six per cent from the same period last year.
Amid the escalating costs and uncertainty on the company's bottom line, loyal customers seem undeterred when it comes to hunting down a bargain at their favorite TJX store.
"'Schizophrenia' is a good word for it," says Dr. Larry Ponemon, founder and chairman of the privacy/data think tank The Ponemon Institute.
"People are often shocked and dismayed when they find out that an organization has had a privacy or security issue. But more and more often, their behavior after it doesn't reflect that disappointment."
TJX's value proposition is obviously very strong. The company's retail brands are associated with convenience and low cost - and customers return again and again in search of a bargain.
"We're all pragmatists," says Peter Vogel, a partner in the Dallas law firm Gardere Wynne Sewell, chair of the Texas Supreme Court Judicial Committee on Information Technology and an adjunct professor of computer law at Southern Methodist University Law School.
He adds that an organization like TJX also might be benefiting from consumers' false sense of security. "People think that once an organization has a security or privacy issue, there won't be a second one. They believe the problem gets addressed and won't happen again."
Even with its successful quarterly numbers, the situation has cost TJX. It's spent more than $20 million to repair the security-related infrastructure. Lawsuits are mounting.
Attempts to restore the company's flagging reputation are under way, perhaps starting in earnest earlier this month when the company's new chief executive apologized for the breach during its annual shareholders meeting.
TJX's CEO also has an open letter on the company Website apologizing for the incident and announcing that more than 50 security experts are working to improve its systems. It seems like that's enough for shoppers' peace of mind.
The larger question for TJX now is how it goes about winning the trust of new potential customers and repairing damage to relationships with existing customers.
As the costs of lawsuits and potential fines to regulators mount, the company must contend anew with the impacts on its reputation over the long term.
This article originally appeared in, "INSIDE 1to1 Privacy," published with the International Association of Privacy Professionals. Visit privacyassociation.org to learn more.
Check out 12ahead, our brand new platform
covering the latest in cutting-edge digital marketing and creative technology from around the globe.
12ahead identifies emerging trends and helps
you to understand how they can apply to modern-day companies.
We believe 12ahead can put you and your
business 12 months ahead of the competition. Sign up for a free trial today.